VMware ESXi esxcli Command: A Quick Tutorial

The esxcli is a command tool that is available on VMware ESXi for managing ESXi. Unlike the vim-cmd command, it focuses on underlying infrastructure and touches lower level of controls of the ESXi hypervisor itself. Although it’s just one command, it packs a lot of functionalities with different namespaces/sub-namespaces, and sub-commands. Because they are organized in nice tree hierarchy, it’s actually quite easy to use most times.

You can run the esxcli command directly in ESXi BusyBox Shell. For that you will need to have either direct access to the ESXi console, or SSH to the ESXi (you need to turn on the SSH Shell access). Should you have multiple ESXi servers to run the commands simultaneously, try the free DoubleCloud ICE I developed.

Bothered by SLOW Web UI to manage vSphere? Want to manage ALL your VMware vCenters, AWS, Azure, Openstack, container behind a SINGLE pane of glass? Want to search, analyze, report, visualize VMs, hosts, networks, datastores, events as easily as Google the Web? Find out more about vSearch 3.0: the search engine for all your private and public clouds.

Alternatively, you can install vCLI on Windows or Linux from where you want to remotely manage ESXi servers. If you don’t want to install the package by yourself, you can download the vMA virtual appliance which has everything pre-installed and pre-configured. When you run the command this way, there is additional parameters for remote ESXi server address and credential. Other than that, the command syntax should be the same as native esxcli command.

There is actually another choice which is not documented but I digged it out anyway – You can run esxcli command in a browser. If you are interested, you can check out this post. Note that this is not supported by VMware.

This tutorial will guide you through all functionalities with samples and tips/tricks assuming we are using the native esxcli command. Given the complexity of the command, I cannot run all the combinations of parameters, please feel free to use the help and try by yourself when you cannot find exact sample. Should you find something worth sharing, please feel free to post them in the comments.

Where Is It Installed?

The esxcli command utility comes with the ESXi installation. If you type in the following commands you will find where it’s installed. Even more is that you will uncover the a little secret of esxcli – it’s essentially a Python script. If you are interested in what is in the script, you can simply check it out with vi command. We’ll not dig deeper there, but focus on the usage of the command as a user.

~ # which esxcli
/sbin/esxcli
~ # ls -l /sbin/esxcli
lrwxrwxrwx    1 root     root            15 Aug  2  2012 /sbin/esxcli -> /sbin/esxcli.py

What You Can Do With It?

Unlike the vim-cmd command which mainly focuses on the virtual machine related management, the esxcli focuses on the infrastructure like hardware, storage, networking, esxi software, etc.

Typing the esxcli command without any argument will displays the command usage. With the options, you can control the format of the output to be xml, csv, key/value pair, or json.

The esxcli command is a very complex command that achieve a lot given it’s a single command. To help user to use the command without getting confused, the namespaces are used to group the commands. The namespaces can be further divided into sub-namespaces depending the complexity.

The following command shows the top level namespaces, each of which can be nicely mapped to a group of functionality. Just reading description of these commands should give you an idea on what esxcli can do for you. We’ll dig deeper into each of them in the following sections.

~ # esxcli
Usage: esxcli [options] {namespace}+ {cmd} [cmd options]
 
Options:
  --formatter=FORMATTER
                        Override the formatter to use for a given command.
                        Available formatter: xml, csv, keyvalue
  --debug               Enable debug or internal use options
  --version             Display version information for the script
  -?, --help            Display usage information for the script
 
Available Namespaces:
  esxcli                Commands that operate on the esxcli system itself
                        allowing users to get additional information.
  fcoe                  VMware FCOE commands.
  hardware              VMKernel hardware properties and commands for
                        configuring hardware.
  iscsi                 VMware iSCSI commands.
  network               Operations that pertain to the maintenance of
                        networking on an ESX host. This includes a wide
                        variety of commands to manipulate virtual networking
                        components (vswitch, portgroup, etc) as well as local
                        host IP, DNS and general host networking settings.
  sched                 VMKernel system properties and commands for
                        configuring scheduling related functionality.
  software              Manage the ESXi software image and packages
  storage               VMware storage commands.
  system                VMKernel system properties and commands for
                        configuring properties of the kernel core system.
  vm                    A small number of operations that allow a user to
                        Control Virtual Machine operations.

A bit more on the format. In the interactive mode, the default format of output is perfect. If you use the esxcli command for automation, other formats may be preferred. For example, the CSV can be easily imported into Excel or other spreadsheet for reporting and analytics. The XML is very good for data exchange. The key and value pairs are good shell script to consume. There are actually undocumented formats as I blogged about a while back.

High Level Conventions

In some way, the esxcli namespaces are like Java packages. At certain points down the namespace hierarchy, you can find available commands (think of them as methods on a class). One big difference is that there can be commands on a non-leaf namespace. Simply entering the full esxcli and namespace path will show both available namespaces and available commands.

The commands are mostly verbs as follows:

* list – retrieve a list of the objects that are represented by the namespace
* get – get information like property
* set – set a value
* load/unload – load/unload configuration

Note that they are not necessarily available in all the namespaces. When in double, always checkout the command line.

Depending on the command, there may be additional options specific to the command. These options are different from the general options which are always available for all commands.

Without further due, let’s jump to the sub-commands one by one.

Listing All esxcli Namespaces and Commands

Interestingly, the esxcli can also be a sub command to the esxcli command itself. What it does is very simple — list all the available namespaces and their commands. Because there are so many lines in the output, I will just show you the first few lines. You can easily find out in your SSH to ESXi.

~ # esxcli esxcli command
Usage: esxcli esxcli command {cmd} [cmd options]
 
Available Commands:
  list                  This command will list all of the esxcli commands with their namespace,
                        object, command name and description.
~ # esxcli esxcli command list
Namespace                                               Command    
------------------------------------------------------  -----------
esxcli.command                                          list       
fcoe.adapter                                            list       
fcoe.nic                                                disable    
fcoe.nic                                                discover   
fcoe.nic                                                list       
hardware.bootdevice                                     list       
hardware.clock                                          get        
hardware.clock            
...

Now, let’s take a look how to interpret the output. For each line, there is a corresponding esxcli command. Let’s pick up the second line “fcoe.adapter.” The related command is like the following:

$ esxcli fcoe adapter list

The rule of thumb is to replace the dot with space and combine string together with top esxcli command and last command. For some commands, there are additional parameters, you may need to add there. For the list command, it’s mostly fine without additional parameters except the format as we discussed earlier.

Managing Fiber Channel Over Ethernet (FCOE)

We will not cover FCOE here as there are many good introduction already. Check out Cormac’s blog.

The following command shows it has two name spaces: adapter and nic.

~ # esxcli fcoe 
Usage: esxcli fcoe {cmd} [cmd options]
 
Available Namespaces:
  adapter               Operations that can be performed on FCOE-type storage HBAs
  nic                   Operations that can be performed on FCOE-capable CNA devices

To list adapters, you can use the following command:

# esxcli fcoe adapter list

I don’t have a FCOE adapter in my home lab, but got a sample out from VMware KB article here for each adapter:

vmhba35
Source MAC: bc:30:5b:01:82:3c
FCF MAC: 00:05:73:bf:48:33
VNPort MAC: 0e:fc:00:47:02:24
Physical NIC: vmnic8
User Priority: 3
VLAN id: 2008

For the NIC namespace, there are more commands available:

~ # esxcli fcoe nic 
Usage: esxcli fcoe nic {cmd} [cmd options]
 
Available Commands:
  disable               Disable rediscovery of FCOE storage on behalf of an FCOE-capable CNA upon
                        next boot.
  discover              Initiate FCOE adapter discovery on behalf of an FCOE-capable CNA.
  list                  List FCOE-capable CNA devices.

Here are the sample commands: (Again, the output sample from above KB article)

# esxcli fcoe nic list
 
vmnic4
User Priority: 3
Source MAC: FF:FF:FF:FF:FF:FF
Active: false
Priority Settable: false
Source MAC Settable: false
VLAN Range Settable: false
 
~ # esxcli fcoe nic discover -n vmnic1
PNIC "vmnic1" is not FCoE-capable
 
~ # esxcli fcoe nic disable -n vmnic4
PNIC "vmnic4" is not FCoE-capable

Managing Hardware

All the hardware related commands fit in the hardware namespace. As you can see the following output, you can retrieve information or manage various aspects of the hardware including cpu, ipmi, boot device, clock, memory, pci, platform (a little vague term, but will elaborate more soon), trusted boot.

Because hardware is hard, you cannot do much about it but retrieving the information about these components or aspects. So the list command is the most commonly used in this category.

~ # esxcli hardware                  
Usage: esxcli hardware {cmd} [cmd options]
 
Available Namespaces:
  cpu                   CPU information.
  ipmi                  IPMI information.
  bootdevice            Boot device information.
  clock                 Interaction with the hardware clock.
  memory                Memory information.
  pci                   PCI device information and configuration.
  platform              Platform information.
  trustedboot           Information about the status of trusted boot.

The following command lists the CPU related information. There are 8 cores, but I just show 2 core inforation here – the rest 6 is pretty much the same.

~ # esxcli hardware cpu list                                             
CPU:0
   Id: 0
   Package Id: 0
   Family: 6
   Model: 58
   Type: 0
   Stepping: 9
   Brand: GenuineIntel
   Core Speed: 3392293892
   Bus Speed: 99773344
   APIC ID: 0x0
   Node: 0
   L2 Cache Size: 262144
   L2 Cache Associativity: 8
   L2 Cache Line Size: 64
   L2 Cache CPU Count: 2
   L3 Cache Size: 8388608
   L3 Cache Associativity: 16
   L3 Cache Line Size: 64
   L3 Cache CPU Count: 2
 
CPU:1
   Id: 1
   Package Id: 0
   Family: 6
   Model: 58
   Type: 0
   Stepping: 9
   Brand: GenuineIntel
   Core Speed: 3392293892
   Bus Speed: 99773344
   APIC ID: 0x1
   Node: 0
   L2 Cache Size: 262144
   L2 Cache Associativity: 8
   L2 Cache Line Size: 64
   L2 Cache CPU Count: 2
   L3 Cache Size: 8388608
   L3 Cache Associativity: 16
   L3 Cache Line Size: 64
   L3 Cache CPU Count: 2

IPMI stands for Intelligent Platform Management Interface (http://en.wikipedia.org/wiki/Intelligent_Platform_Management_Interface). It allows remotely managing the server over IP network. From the esxcli commmand, you can further manage the Field Replaceable Unit, Sensor Data Repository, and System event log.

  ~ # esxcli hardware ipmi
Usage: esxcli hardware ipmi {cmd} [cmd options]
 
Available Namespaces:
  fru                   Information from IPMI Field Replaceable Unit inventory (FRU).
  sdr                   Information from IPMI Sensor Data Respository (SDR).
  sel                   Information from IPMI System Event Log (SEL).

My server in use does not have the IPMI support, so the following commands return nothing or empty values. If you have enabled servers, you will see more with the same commands.

~ # esxcli hardware ipmi fru
Usage: esxcli hardware ipmi fru {cmd} [cmd options]
 
Available Commands:
  get                   Get IPMI Field Replaceable Unit (FRU) device details.
  list                  List IPMI Field Replaceable Unit (FRU) inventory.
~ # esxcli hardware ipmi fru list
~ # esxcli hardware ipmi fru get     
   Device IDs: 
   Features: 
   Raw: 
   Sizebytes: 
~ # esxcli hardware ipmi sdr get
   Feature: 
   Free Space: 
   Last Added: 
   Last Cleared: 
   Raw: 
   Total Records: 
   Version: 
~ # esxcli hardware ipmi sdr list
~ # esxcli hardware ipmi sel get
   Enabled: 
   Last Added: 
   Last Cleared: 
   Maximum Records: 
   Overflow: 
   Raw: 
   Sel Clock: 
   Total Records: 
   Version: 
~ # esxcli hardware ipmi sel list

Listing the boot devices is supported with the bootdevice namespace as follows. Interestingly, the output lists nothing – the server did boot successfully.

~ # esxcli hardware bootdevice list

Every computer has a clock. With esxcli command, you can get the time on the clock, and change the time on the clock. The parameters to set up new time is a little tricky, but using the help should be very easy. You can set individual component of the time, say year, month, etc.

~ # esxcli hardware clock get
2015-04-19T01:49:44Z
~ # esxcli hardware clock set
You must specify one of year, month, day, hour, minute or second
~ # esxcli hardware clock set 2015
Error: Unknown command or namespace hardware clock set 2015
 
~ # esxcli hardware clock set --help
Usage: esxcli hardware clock set [cmd options]
 
Description: 
  set                   Set the hardware clock time. Any missing parameters will default to the
                        current time.
 
Cmd options:
  -d|--day=       Day
  -H|--hour=      Hour
  -m|--min=       Minute
  -M|--month=     Month
  -s|--sec=       Second
  -y|--year=      Year
~ # esxcli hardware clock set -y 2015

Retrieving the physical memory of ESXi server is very simple with the following command. It also shows the NUMA node count.

~ # esxcli hardware memory get
   Physical Memory: 12845969408 Bytes
   NUMA Node Count: 1

PCI information can be retrieved with the pci name space as follows. The output is pretty long, so I just include the first device. With the long output, you can pipeline it to grep command for exact information you are interested in.

~ # esxcli hardware pci list
000:000:00.0
   Address: 000:000:00.0
   Segment: 0x0000
   Bus: 0x00
   Slot: 0x00
   Function: 0x00
   VMkernel Name: 
   Vendor Name: Intel Corporation
   Device Name: Ivy Bridge DRAM Controller
   Configured Owner: Unknown
   Current Owner: VMkernel
   Vendor ID: 0x8086
   Device ID: 0x0150
   SubVendor ID: 0x17aa
   SubDevice ID: 0x364e
   Device Class: 0x0600
   Device Class Name: Host bridge
   Programming Interface: 0x00
   Revision ID: 0x09
   Interrupt Line: 0xff
   IRQ: 255
   Interrupt Vector: 0x00
   PCI Pin: 0x74
   Spawned Bus: 0x00
   Flags: 0x0200
   Module ID: -1
   Module Name: None
   Chassis: 0
   Physical Slot: 255
   Slot Description: 
   Passthru Capable: false
   Parent Device: 
   Dependent Device: 
   Reset Method: None
   FPT Sharable: false

Now it’s time for the vague platform namespace. Let’s start with the command itself. With that, I don’t need to explain what the platform is.

~ # esxcli hardware platform get
Platform Information
   UUID: 0x7a 0x9d 0x99 0xec 0x9d 0xa9 0x11 0xe1 0xaf 0x78 0xb8 0xfd 0x56 0x1b 0x2a 0x0 
   Product Name: IdeaCentre K430
   Vendor Name: LENOVO
   Serial Number: ES09832596
   IPMI Supported: false

Last one in the hardware is the trusted boot. Again, my server does not have the feature. For more details on the technology, check out this wiki page: http://en.wikipedia.org/wiki/Trusted_Execution_Technology

~ # esxcli hardware trustedboot get
   Drtm Enabled: false
   Tpm Present: false

ESXi Kernel Scheduling

With the sched namespace, we can manage VMKernel system properties and configure scheduling related functionality like swapping.

~ # esxcli sched swap system
Usage: esxcli sched swap system {cmd} [cmd options]
 
Available Commands:
  get                   Get current state of the options of the system-wide shared
                        swap space.
  set                   Change the configuration of system-wide shared swap space.
~ # esxcli sched swap system get
   Datastore Active: false
   Datastore Enabled: false
   Datastore Name: 
   Datastore Order: 0
   Hostcache Active: false
   Hostcache Enabled: true
   Hostcache Order: 1
   Hostlocalswap Active: false
   Hostlocalswap Enabled: true
   Hostlocalswap Order: 2

The changing of properties is through the set command. You can change one or more properties at a time with the switches as listed below.

~ # esxcli sched swap system set --help
Usage: esxcli sched swap system set [cmd options]
 
Description: 
  set                   Change the configuration of system-wide shared swap space.
 
Cmd options:
  -d|--datastore-enabled 
                        If the datastore option should be enabled or not.
  -n|--datastore-name=
                        The name of the datastore used by the datastore option.
  -D|--datastore-order=
                        The order of the datastore option in the preference of the
                        options
  -c|--hostcache-enabled
                        If the host cache option should be enabled or not.
  -C|--hostcache-order=
                        The order of the host cache option in the preference of
                        the options.
  -l|--hostlocalswap-enabled
                        If the host local swap option should be enabled or not.
  -L|--hostlocalswap-order=
                        The order of the host local swap option in the preference
                        of the options.

Managing VIB Software

The design of ESXi is to keep the hypervisor as small as possible. Being small has many benefits, for example, less exposure to security attacks. At the same time, we need some flexibility to install new drivers or other software agents on the ESXi. This allows VMware partners to customize the system and extend the system with additional functionalities.

For that purpose, VMware created VIB format based on a Linux package system. It has related SDK for others to build the VIB. The commands in this section is about how to manage the VIBs with command line.

~ # esxcli software
Usage: esxcli software {cmd} [cmd options]
 
Available Namespaces:
  sources               Query depot contents for VIBs and image profiles
  acceptance            Retrieve and set the host acceptance level setting
  profile               Display, install, update or validates image profiles
  vib                   Install, update, remove, or display individual VIB
                        packages

You can use the sources namespace to “browse” the VIB packages in a VIB depot. Before running the command, you want to modify firewall to allow HTTP client.

~ # esxcli network firewall ruleset set -e true -r httpClient
~ # esxcli software sources vib list -d http://vibsdepot.v-front.de
Name                          Version                    Vendor    Creation Date  Acceptance Level    Status
----------------------------  -------------------------  --------  -------------  ------------------  ------
sata-xahci                    1.28-1                     VFrontDe  2015-02-20     CommunitySupported  New   
sata-xahci                    1.25-1                     VFrontDe  2014-11-23     CommunitySupported  New   
sata-xahci                    1.24-1                     VFrontDe  2014-09-06     CommunitySupported  New   
sata-xahci                    1.16-1                     VFrontDe  2014-04-12     CommunitySupported  New   
...

In this sample, I used the v-front.de which has a rich collection of VIBs. In your company, you may have your own VIB depot.

If you use the get command, you will get a lot more details than the list. The following shows one part of the long output.

~ # esxcli software sources vib get -d http://vibsdepot.v-front.de      
VFrontDe_bootbank_sata-xahci_1.28-1
   Name: sata-xahci
   Version: 1.28-1
   Type: bootbank
   Vendor: VFrontDe
   Acceptance Level: CommunitySupported
   Summary: Adds mappings for unsupported SATA AHCI controllers
   Description: Adds mappings for unsupported SATA AHCI controllers
   ReferenceURLs: kb|http://vibsdepot.v-front.de/wiki/index.php/Sata-xahci
   Creation Date: 2015-02-20
   Depends: sata-ahci
   Conflicts: 
   Replaces: 
   Provides: 
   Maintenance Mode Required: True
   Hardware Platforms Required: 
   Live Install Allowed: False
   Live Remove Allowed: False
   Stateless Ready: True
   Overlay: False
   Tags: 
   Payloads: sata-xah

This blog post has excellent introduction and more sample commands.

You can list the image profiles as follows. I intentionally used ESXi-6.0 for grep, or will get a lot more lines in output. Again, it connects to external site and you want to open firewall before this.

~ # esxcli software sources profile list -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml | grep ESXi-6.0 | sort
ESXi-6.0.0-20150404001-no-tools   VMware, Inc.  PartnerSupported
ESXi-6.0.0-20150404001-standard   VMware, Inc.  PartnerSupported
ESXi-6.0.0-2494585-no-tools       VMware, Inc.  PartnerSupported
ESXi-6.0.0-2494585-standard       VMware, Inc.  PartnerSupported

To find out the exact content in an image profile:

~ # esxcli software sources profile get -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-6.0.0-20150404001-no-tools
ESXi-6.0.0-20150404001-no-tools
   Acceptance Level: PartnerSupported
   Name: ESXi-6.0.0-20150404001-no-tools
   Vendor: VMware, Inc.
   Creation Time: 2015-03-26T01:59:10
   Modification Time: 2015-03-26T01:59:10
   Stateless Ready: True
   Description: 
 
      For more information, see http://kb.vmware.com/kb/2111979.
 
   VIBs: ata-pata-amd 0.3.10-3vmw.600.0.0.2494585, ata-pata-atiixp 0.4.6-4vmw.600.0.0.2494585, ata-pata-cmd64x 0.2.5-3vmw.600.0.0.2494585, ata-pata-hpt3x2n 0.3.4-3vmw.600.0.0.2494585, ata-pata-pdc2027x 1.0-3vmw.600.0.0.2494585, ata-pata-serverworks 0.4.3-3vmw.600.0.0.2494585, ata-pata-sil680 0.4.8-3vmw.600.0.0.2494585, ata-pata-via 0.3.3-2vmw.600.0.0.2494585, block-cciss 3.6.14-10vmw.600.0.0.2494585, cpu-microcode 6.0.0-0.0.2494585, ehci-ehci-hcd 1.0-3vmw.600.0.0.2494585, elxnet 10.2.309.6v-1vmw.600.0.0.2494585, emulex-esx-elxnetcli 10.2.309.6v-0.0.2494585, esx-base 6.0.0-0.5.2615704, esx-dvfilter-generic-fastpath 6.0.0-0.0.2494585, esx-tboot 6.0.0-0.0.2494585, esx-xserver 6.0.0-0.0.2494585, ima-qla4xxx 2.02.18-1vmw.600.0.0.2494585, ipmi-ipmi-devintf 39.1-4vmw.600.0.0.2494585, ipmi-ipmi-msghandler 39.1-4vmw.600.0.0.2494585, ipmi-ipmi-si-drv 39.1-4vmw.600.0.0.2494585, lpfc 10.2.309.8-2vmw.600.0.0.2494585, lsi-mr3 6.605.08.00-6vmw.600.0.0.2494585, lsi-msgpt3 06.255.12.00-7vmw.600.0.0.2494585, lsu-hp-hpsa-plugin 1.0.0-1vmw.600.0.0.2494585, lsu-lsi-lsi-mr3-plugin 1.0.0-1vmw.600.0.0.2494585, lsu-lsi-lsi-msgpt3-plugin 1.0.0-1vmw.600.0.0.2494585, lsu-lsi-megaraid-sas-plugin 1.0.0-1vmw.600.0.0.2494585, lsu-lsi-mpt2sas-plugin 1.0.0-1vmw.600.0.0.2494585, lsu-lsi-mptsas-plugin 1.0.0-1vmw.600.0.0.2494585, misc-cnic-register 1.78.75.v60.7-1vmw.600.0.0.2494585, misc-drivers 6.0.0-0.0.2494585, mtip32xx-native 3.8.5-1vmw.600.0.0.2494585, net-bnx2 2.2.4f.v60.10-1vmw.600.0.0.2494585, net-bnx2x 1.78.80.v60.12-1vmw.600.0.0.2494585, net-cnic 1.78.76.v60.13-2vmw.600.0.0.2494585, net-e1000 8.0.3.1-5vmw.600.0.0.2494585, net-e1000e 2.5.4-6vmw.600.0.0.2494585, net-enic 2.1.2.38-2vmw.600.0.0.2494585, net-forcedeth 0.61-2vmw.600.0.0.2494585, net-igb 5.0.5.1.1-5vmw.600.0.0.2494585, net-ixgbe 3.7.13.7.14iov-20vmw.600.0.0.2494585, net-mlx4-core 1.9.7.0-1vmw.600.0.0.2494585, net-mlx4-en 1.9.7.0-1vmw.600.0.0.2494585, net-nx-nic 5.0.621-5vmw.600.0.0.2494585, net-tg3 3.131d.v60.4-1vmw.600.0.0.2494585, net-vmxnet3 1.1.3.0-3vmw.600.0.0.2494585, nmlx4-core 3.0.0.0-1vmw.600.0.0.2494585, nmlx4-en 3.0.0.0-1vmw.600.0.0.2494585, nmlx4-rdma 3.0.0.0-1vmw.600.0.0.2494585, nvme 1.0e.0.35-1vmw.600.0.0.2494585, ohci-usb-ohci 1.0-3vmw.600.0.0.2494585, qlnativefc 2.0.12.0-5vmw.600.0.0.2494585, rste 2.0.2.0088-4vmw.600.0.0.2494585, sata-ahci 3.0-21vmw.600.0.0.2494585, sata-ata-piix 2.12-10vmw.600.0.0.2494585, sata-sata-nv 3.5-4vmw.600.0.0.2494585, sata-sata-promise 2.12-3vmw.600.0.0.2494585, sata-sata-sil 2.3-4vmw.600.0.0.2494585, sata-sata-sil24 1.1-1vmw.600.0.0.2494585, sata-sata-svw 2.3-3vmw.600.0.0.2494585, scsi-aacraid 1.1.5.1-9vmw.600.0.0.2494585, scsi-adp94xx 1.0.8.12-6vmw.600.0.0.2494585, scsi-aic79xx 3.1-5vmw.600.0.0.2494585, scsi-bnx2fc 1.78.78.v60.8-1vmw.600.0.0.2494585, scsi-bnx2i 2.78.76.v60.8-1vmw.600.0.0.2494585, scsi-fnic 1.5.0.45-3vmw.600.0.0.2494585, scsi-hpsa 6.0.0.44-4vmw.600.0.0.2494585, scsi-ips 7.12.05-4vmw.600.0.0.2494585, scsi-megaraid-mbox 2.20.5.1-6vmw.600.0.0.2494585, scsi-megaraid-sas 6.603.55.00-2vmw.600.0.0.2494585, scsi-megaraid2 2.00.4-9vmw.600.0.0.2494585, scsi-mpt2sas 19.00.00.00-1vmw.600.0.0.2494585, scsi-mptsas 4.23.01.00-9vmw.600.0.0.2494585, scsi-mptspi 4.23.01.00-9vmw.600.0.0.2494585, scsi-qla4xxx 5.01.03.2-7vmw.600.0.0.2494585, uhci-usb-uhci 1.0-3vmw.600.0.0.2494585, xhci-xhci 1.0-2vmw.600.0.0.2494585

Supposedly you can download a zip and point the depot to it as follows. Somehow it does not work even though I had the full path to the zip file as recommended by a few bloggers.

~ # esxcli software sources profile list -d /vmfs/volumes/datastore1/ESXi510-201406001.zip                      
 [MetadataDownloadError]
 Could not download from depot at zip:/vmfs/volumes/datastore1/ESXi510-201406001.zip?index.xml, skipping (('zip:/vmfs/volumes/datastore1/ESXi510-201406001.zip?index.xml', '', 'Error extracting index.xml from /vmfs/volumes/datastore1/ESXi510-201406001.zip: File is not a zip file'))
        url = zip:/vmfs/volumes/datastore1/ESXi510-201406001.zip?index.xml
 Please refer to the log file for more details.

The error message is not true because the zip file seems a valid zip file (not all output lines are listed)

~ # unzip -l /vmfs/volumes/datastore1/ESXi510-201406001.zip 
Archive:  /vmfs/volumes/datastore1/ESXi510-201406001.zip
  Length     Date   Time    Name
 --------    ----   ----    ----
      319  06-14-14 15:45   index.xml
      207  06-14-14 15:45   vendor-index.xml
    80403  06-14-14 15:45   metadata.zip
177231686  04-14-14 07:31   vib20/tools-light/VMware_locker_tools-light_5.1.0-2.28.1743533.vib
    63758  08-01-12 20:49   vib20/scsi-bnx2i/VMware_bootbank_scsi-bnx2i_1.9.1d.v50.1-5vmw.510.0.0.799733.vib

ESXi has different level of acceptance for installing new VIBs. Changing acceptance levels enables installing VIBs from other vendors possible.

~ # esxcli software acceptance
Usage: esxcli software acceptance {cmd} [cmd options]
 
Available Commands:
  get                   Gets the host acceptance level. This controls what VIBs will be allowed on a host.
  set                   Sets the host acceptance level. This controls what VIBs will be allowed on a host.
 
~ # esxcli software acceptance get
PartnerSupported  
 
~ # esxcli software acceptance set --level CommunitySupported 
Host acceptance level changed to 'CommunitySupported'.

The level must be one of the values: VMwareCertified, VMwareAccepted, PartnerSupported, CommunitySupported. The acceptance level decides if some packages can be installed or not. From VMwareCertified to CommunitySupported, the criteria loosens up.

Different VIBs combined together forms a big collection called image profile. To manage image profile, the following commands can be used:

~ # esxcli software profile    
Usage: esxcli software profile {cmd} [cmd options]
 
Available Commands:
  get                   Display the installed image profile.
  install               Installs or applies an image profile from a depot to this host. This command
                        completely replaces the installed image with the image defined by the new image
                        profile, and may result in the loss of installed VIBs. The common vibs between host
                        and image profile will be skipped. To preserve installed VIBs, use profile update
                        instead. WARNING: If your installation requires a reboot, you need to disable HA
                        first.
  update                Updates the host with VIBs from an image profile in a depot. Installed VIBs may be
                        upgraded (or downgraded if --allow-downgrades is specified), but they will not be
                        removed. Any VIBs in the image profile which are not related to any installed VIBs
                        will be added to the host. WARNING: If your installation requires a reboot, you need
                        to disable HA first.
  validate              Validates the current image profile on the host against an image profile in a depot.
 
~ # esxcli software profile get
ESXi-5.1.0-799733-standard
   Name: ESXi-5.1.0-799733-standard
   Vendor: VMware, Inc.
   Creation Time: 2012-12-16T13:24:21
   Modification Time: 2015-04-19T13:06:04
   Stateless Ready: True
   Description: 
 
      The general availability release of VMware ESXi Server 5.1.0
      brings whole new levels of virtualization performance to
      datacenters and enterprises.
 
   VIBs: ata-pata-amd 0.3.10-3vmw.510.0.0.799733, ata-pata-atiixp 0.4.6-4vmw.510.0.0.799733, ata-pata-cmd64x 0.2
 
~ # esxcli software vib
Usage: esxcli software vib {cmd} [cmd options]
 
Available Commands:
  get                   Displays detailed information about one or more installed VIBs
  install               Installs VIB packages from a URL or depot. VIBs may be installed, upgraded, or
                        downgraded. WARNING: If your installation requires a reboot, you need to disable HA
                        first.
  list                  Lists the installed VIB packages
  remove                Removes VIB packages from the host. WARNING: If your installation requires a reboot,
                        you need to disable HA first.
  update                Update installed VIBs to newer VIB packages. No new VIBs will be installed, only
                        updates. WARNING: If your installation requires a reboot, you need to disable HA
                        first.

It’s quite easy to list all the VIBs installed on the system. The following shows the command and part of output.

~ # esxcli software vib list
Name                           Version                             Vendor  Acceptance Level  Install Date
-----------------------------  ----------------------------------  ------  ----------------  ------------
ata-pata-amd                   0.3.10-3vmw.510.0.0.799733          VMware  VMwareCertified   2012-12-16  
ata-pata-atiixp                0.4.6-4vmw.510.0.0.799733           VMware  VMwareCertified   2012-12-16  
ata-pata-cmd64x                0.2.5-3vmw.510.0.0.799733           VMware  VMwareCertified   2012-12-16  
ata-pata-hpt3x2n               0.3.4-3vmw.510.0.0.799733           VMware  VMwareCertified   2012-12-16  
ata-pata-pdc2027x              1.0-3vmw.510.0.0.799733             VMware  VMwareCertified   2012-12-16  
ata-pata-serverworks           0.4.3-3vmw.510.0.0.799733           VMware  VMwareCertified   2012-12-16  
ata-pata-sil680                0.4.8-3vmw.510.0.0.799733           VMware  VMwareCertified   2012-12-16  
ata-pata-via                   0.3.3-2vmw.510.0.0.799733           VMware  VMwareCertified   2012-12-16  
block-cciss                    3.6.14-10vmw.510.0.0.799733         VMware  VMwareCertified   2012-12-16  
ehci-ehci-hcd                  1.0-3vmw.510.0.0.799733             VMware  VMwareCertified   2012-12-16  
esx-base                       5.1.0-0.0.799733                    VMware  VMwareCertified   2012-12-16  
esx-dvfilter-generic-fastpath  5.1.0-0.0.799733                    VMware  VMwareCertified   2012-12-16  
esx-tboot                      5.1.0-0.0.799733                    VMware  VMwareCertified   2012-12-16  
esx-xlibs                      5.1.0-0.0.799733                    VMware  VMwareCertified   2012-12-16  						
...

To get more details of a specific VIB, you can use the get command as follows with the VIB name.

~ # esxcli software vib get -n net-e1000e
VMware_bootbank_net-e1000e_1.1.2-3vmw.510.0.0.799733
   Name: net-e1000e
   Version: 1.1.2-3vmw.510.0.0.799733
   Type: bootbank
   Vendor: VMware
   Acceptance Level: VMwareCertified
   Summary: e1000e: net driver for VMware ESX
   Description: Intel(R) PRO/1000 PCI-E Network Driver
   ReferenceURLs: 
   Creation Date: 2012-08-02
   Depends: vmkapi_2_1_0_0, com.vmware.driverAPI-9.2.1.0
   Conflicts: 
   Replaces: 
   Provides: 
   Maintenance Mode Required: True
   Hardware Platforms Required: 
   Live Install Allowed: False
   Live Remove Allowed: False
   Stateless Ready: True
   Overlay: False
   Tags: driver, module
   Payloads: net-e100

To install a VIB, you should install command with VIB locations. For the VIB not signed, you want to turn off the signature checking with –no-sig-check option. WARNING: If your installation requires a reboot, you need to disable HA first.

$ esxcli software vib install -v /tmp/doublecloud-latest.vib --no-sig-check
 
To remove a VIB, just use the remove command.
$ esxcli software vib remove -n doublecloud

iSCSI Management

iSCSI allows ESXi to use storages on remote iSCSC servers. The esxcli command can help to manage this feature on different layers in the stack. Again, I don’t have the set up with iSCSI support. Instead of real commands, the following commands shows mostly the help so that you can see what are theree.

~ # esxcli iscsi
Usage: esxcli iscsi {cmd} [cmd options]
 
Available Namespaces:
  adapter               Operations that can be performed on iSCSI adapters
  networkportal         Operations that can be performed on iSCSI Network Portal (iSCSI vmknic)
  physicalnetworkportal Operations that can be performed on iSCSI Physical Network Portal (vmnic)
  session               Operations that can be performed on iSCSI sessions
  ibftboot              Operations that can be performed on iSCSI IBFT boot table
  logicalnetworkportal  Operations that can be performed on iSCSI Logical Network Portal (vmknic)
  plugin                Operations that can be performed on iSCSI management plugins
  software              Operations that can be performed on software iSCSI
 
~ # esxcli iscsi adapter
Usage: esxcli iscsi adapter {cmd} [cmd options]
 
Available Namespaces:
  auth                  Operations that can be performed on iSCSI adapter authentications
  discovery             Operations that can be performed on iSCSI adapter discovery
  target                Operations that can be performed on iSCSI targets
  capabilities          Operations that can be performed on iSCSI adapter capabilities
  firmware              Operations that can be performed on iSCSI adapter firmware
  param                 Operations that can be performed on iSCSI adapter parameters
 
Available Commands:
  get                   List the iSCSI information for the iSCSI Host Bus Adapter.
  list                  List all the iSCSI Host Bus Adapters on the system.
  set                   Set the iSCSI name and alias for the iSCSI Host Bus Adapter.
~ # esxcli iscsi software
Usage: esxcli iscsi software {cmd} [cmd options]
 
Available Commands:
  get                   Software iSCSI information.
  set                   Enable or disable software iSCSI.
~ # esxcli iscsi software get
false

Network Management

ESXi has a rich set of features in networking. All the network related commands are grouped in the network namespace. To take a look at what are available there, simply type in:

~ # esxcli network
Usage: esxcli network {cmd} [cmd options]
 
Available Namespaces:
  fence                 Commands to list fence information
  firewall              A set of commands for firewall related operations
  ip                    Operations that can be performed on vmknics
  nic                   Operations having to do with the configuration of
                        Network Interface Card and getting and updating the
                        NIC settings.
  port                  Commands to get information about a port
  sriovnic              Operations having to do with the configuration of
                        SRIOV enabled Network Interface Card and getting and
                        updating the NIC settings.
  vm                    A set of commands for VM related operations
  vswitch               Commands to list and manipulate Virtual Switches on an
                        ESX host.
  diag                  Operations pertaining to network diagnostics

As you can find there are more sub-namespaces, each of which is still a big topic of itself.

Firewall Management

To find out the current firewall status, get command is the way to go:

~ # esxcli network firewall get
   Default Action: DROP
   Enabled: false
   Loaded: true

Firewall module can be unloaded or loaded using the unload and load command as follows:

~ # esxcli network firewall unload
~ # esxcli network firewall load

When firewall working, you can enable and disable the firewall as follows. You want to keep the firewall enabled all the time.

~ # esxcli network firewall set --enabled true
~ # esxcli network firewall set --enabled false

You can also set the default action of firewall to let pass everything or block everything. When true is used, the firewall lets go everything unless specified otherwise; when false is used, it blocks everything by default.

~ # esxcli network firewall set --default-action=true
~ # esxcli network firewall set --default-action=false

After you change firewall configuration, the ruleset may be out of sync with the active. To keep in sync, you can simply run the refresh command.

~ # esxcli network firewall refresh

Above is the overall control of firewall. You can fine tune each individual rule set within the ruleset namespace.

~ # esxcli network firewall ruleset list
Name                Enabled
------------------  -------
sshServer              true
sshClient              true
nfsClient              true
dhcp                   true
dns                    true
snmp                   true
ntpClient             false
CIMHttpServer          true
CIMHttpsServer         true
CIMSLP                 true
iSCSI                 false
vpxHeartbeats          true
updateManager         false
faultTolerance         true
webAccess              true
vMotion                true
vSphereClient          true
activeDirectoryAll    false
NFC                    true
HBR                    true
ftpClient             false
httpClient             true
gdbserver             false
DVFilter              false
DHCPv6                 true
DVSSync               false
syslog                false
IKED                  false
WOL                    true
vSPC                  false
remoteSerialPort      false
vprobeServer          false

You can change individual ruleset to be enabled or disabled, and change the behavior to all all IP addresses or only those specified.

~ # esxcli network firewall ruleset set --ruleset-id=syslog --enabled true --allowed-all false

Each ruleset consists of a collection of rules. You can list them using rule namespace. If you don’t provide ruleset-id as follows, you will get a long list of rules from all the rulesets.

~ # esxcli network firewall ruleset rule list --ruleset-id syslog
Ruleset  Direction  Protocol  Port Type  Port Begin  Port End
-------  ---------  --------  ---------  ----------  --------
syslog   Outbound   UDP       Dst               514       514
syslog   Outbound   TCP       Dst               514       514
syslog   Outbound   TCP       Dst              1514      1514
 
~ # esxcli network firewall ruleset allowedip add --ruleset-id syslog --ip-address=10.20.30.1   
~ # esxcli network firewall ruleset allowedip list --ruleset-id syslog                       
Ruleset  Allowed IP Addresses
-------  --------------------
syslog   10.20.30.1  
 
~ # esxcli network firewall ruleset allowedip remove --ruleset-id syslog --ip-address=10.20.30.1

Note that even with the powerful esxcli command, you can not modify much of the firewall configurations. For all the configurations, you want to go directly edit the configuration file then refresh the firewall:

~ # vi /etc/vmware/service/service.xml

Managing Fencing Switches

For this feature, you must distributed virtual switch configured; or you will see the same output as I saw here.

~ # esxcli network fence list  
Unable to find vds with fence enabled

To get all fence network bridge table entries information, you can use the following command.

~ # esxcli network fence network bte list --vds-name lab-switch1 --fence-id 10

To get all fence port info on the fence network, you can use the following command:

~ # esxcli network fence network bte list --vds-name lab-switch1 --fence-id 10

Managing IP Addresses and Configurations

To get the IPv6 related support, simply type the following.

~ # esxcli network ip get
   IPv6Enabled: true

To turn off or turn on IPv6 support, you can use the set command. Note: you have to restart the ESXi for the configuration to take effect.

~ # esxcli network ip set --ipv6-enabled false

To manage vmKernel network interfaces, you can use the interface namespace as follows:

# esxcli network ip interface add -i vmk3 -p bootPG
~ # esxcli network ip interface ipv4 get                             
Name  IPv4 Address   IPv4 Netmask   IPv4 Broadcast  Address Type  DHCP DNS
----  -------------  -------------  --------------  ------------  --------
vmk0  192.168.0.201  255.255.255.0  192.168.0.255   STATIC           false

To change the IP address for ESXi on an existing interface is easy too, but be careful with this operation because your SSH session may be terminated immediately.

# esxcli network ip interface ipv4 set -i vmk3 -I 192.168.2.2 -N 255.255.255.0 -t static

Managing DNS server

The ESXi depends on the DNS setting to resolve server names. The following commands help manage the DNS.

~ # esxcli network ip dns server add -s 8.8.8.8
~ # esxcli network ip dns server list          
   DNSServers: 192.168.0.1, 8.8.8.8
~ # esxcli network ip dns server remove -s 8.8.8.8

You also change the default search domain for the DNS settings.

~ # esxcli network ip dns search add -d doublecloud.net
~ # esxcli network ip dns search list    
   DNSSearch Domains: doublecloud.net
~ # esxcli network ip dns search remove -d doublecloud.net
 

Network Security

There are two aspects you can manage the security: security association, and security policy. There are quite a few options you can tune. Combined together, they can cover a lot of cases.

~ # esxcli network ip ipsec sa add --help
Usage: esxcli network ip ipsec sa add [cmd options]
 
Description: 
  add                   Add a Security Association.
 
Cmd options:
  -e|--encryption-algorithm=
                        Encryption algorithm for the Security Association. Should be one in set  [null, 3des-
                        cbc, aes128-cbc]. (required)
  -k|--encryption-key=
                        Encryption key(ASCII or hex). Length of hex key is dependent upon algorithm used.
                        Required when a encryption algorithm has been specified.
  -i|--integrity-algorithm=
                        Integrity algorithm for the Security Association. Should be one in set  [hmac-sha1,
                        hmac-sha2-256]. (required)
  -K|--integrity-key=
                        Integrity key(ASCII or hex). Length of hex key is dependent upon algorithm used.
                        (required)
  -d|--sa-destination=
                        Ipv6 address of Security Association destination. Can be specified as 'any' or a
                        correct IPv6 address. (required)
  -m|--sa-mode=    Security Association mode. Should be one in set  [transport, tunnel].
  -n|--sa-name=    Name for the Security Association to be added. (required)
  -s|--sa-source=  Ipv6 address of Security Association source. Can be specified as 'any' or a correct
                        IPv6 address. (required)
  -p|--sa-spi=     SPI value for the Security Association(hex). (required)
 
~ # esxcli network ip ipsec sp add --help
Usage: esxcli network ip ipsec sp add [cmd options]
 
Description: 
  add                   Add a Security Policy.
 
Cmd options:
  -A|--action=     Action for Security Policy. Should be one in set  [none, discard, ipsec].
  -P|--destination-port=
                        Destination Port for Security Policy. '0' stands for 'any' (required)
  -w|--flow-direction=
                        Flow direction for Security Policy. Should be one in set  [in, out].
  -a|--sa-name=    Name for the Security Association. Not being Specified lets vmkernel automatically
                        choose an Security Association. If no applicable Security Association exists, then
                        vmkernel may request one using IKE.
  -p|--source-port=
                        Source Port for Security Policy. '0' stands for 'any' (required)
  -d|--sp-destination=
                        Ipv6 address and prefix length of Security Policy destination. Can be specified as
                        'any' or a correct Ipv6 network address. (required)
  -m|--sp-mode=    Security Policy mode. Should be one in set  [transport, tunnel].
  -n|--sp-name=    Name for the Security Policy to be added. (required)
  -s|--sp-source=  Ipv6 address and prefix length of Security Policy source. Can be specified as 'any' or
                        a correct IPv6 network address. (required)
  -u|--upper-layer-protocol=
                        Upper layer protocol for Security Policy, Should be one in set  [any, tcp, udp,
                        icmp6].

Managing Gateways

You can manage both IPv4 and IPv6 networks. I first show the IPv4 here because the IPv6 is very similar.

~ # esxcli network ip route ipv4 list
Network      Netmask        Gateway      Interface  Source
-----------  -------------  -----------  ---------  ------
default      0.0.0.0        192.168.8.1  vmk0       MANUAL
192.168.8.0  255.255.255.0  0.0.0.0      vmk0       MANUAL

To change the gateway, try the following command. Again, you session may be terminated with invalid parameter.

~ # esxcli network ip route ipv4 add --gateway=192.168.0.1 --network=default

To remove a route, you can use remove command with same parameters as the add command. Again, be careful as your session may be terminated right away.

For the IPv6 listing of routes, you can see something similar as follows:

~ # esxcli network ip route ipv6 list                                       
Network  Netmask                Gateway  Interface
-------  ---------------------  -------  ---------
fe80::   ffff:ffff:ffff:ffff::  fe80::1  lo0      
fe80::   ffff:ffff:ffff:ffff::  ::       vmk0
ff01::   ffff:ffff::            ::1      lo0      
ff01::   ffff:ffff::            ::       vmk0     
ff02::   ffff:ffff::            ::1      lo0      
ff02::   ffff:ffff::            ::       vmk0

List Live Network Connections

At any given time, you can find out what live connections are there.

~ # esxcli network ip connection list
Proto  Recv Q  Send Q  Local Address       Foreign Address      State        World ID  World Name     
-----  ------  ------  ------------------  -------------------  -----------  --------  ---------------
tcp         0       0  127.0.0.1:8307      127.0.0.1:55067      ESTABLISHED      2931  hostd-worker   
tcp         0       0  127.0.0.1:55067     127.0.0.1:8307       ESTABLISHED      3864  rhttpproxy-work
tcp         0       0  127.0.0.1:443       127.0.0.1:50352      ESTABLISHED      2752  rhttpproxy-work
tcp         0       0  127.0.0.1:50352     127.0.0.1:443        ESTABLISHED   2333889  python

The type of connection can be filtered as follows. I intentionally used udp as it’s a lot less than the tcp connections.

~ # esxcli network ip connection list --type udp
Proto  Recv Q  Send Q  Local Address      Foreign Address  State  World ID  World Name
-----  ------  ------  -----------------  ---------------  -----  --------  ----------
udp         0       0  192.168.0.201:427  0.0.0.0:0                   2959            
udp         0       0  0.0.0.0:427        0.0.0.0:0                   2959            
udp         0       0  :::8301            :::0                        2421            
udp         0       0  :::8302            :::0                        2421            
udp         0       0  :::8200            :::0                        2548

Finding Neighbour on Network

You can use the esxcli command to list the network neighbors on the same network.

~ # esxcli network ip neighbor list
Neighbor                   Mac Address        Vmknic    Expiry  State    
-------------------------  -----------------  ------  --------  ---------
192.168.0.1                00:26:5a:cb:1f:0b  vmk0    1189 sec           
192.168.0.3                00:11:32:21:9b:09  vmk0     740 sec           
fe80::8e89:a5ff:fed2:b40f  8c:89:a5:d2:b4:0f  vmk0       0 sec  Reachable

Managing Network Interface Card (NIC)

~ # esxcli network nic list       
Name    PCI Device     Driver  Link  Speed  Duplex  MAC Address         MTU  Description                          
------  -------------  ------  ----  -----  ------  -----------------  ----  -------------------------------------
vmnic0  0000:004:00.0  r8168   Up     1000  Full    8c:89:a5:d2:b4:0f  1500  Realtek Realtek 8168 Gigabit Ethernet
 
~ # esxcli network nic set --help
Usage: esxcli network nic set [cmd options]
 
Description: 
  set                   Set the general options for the specified ethernet device.
 
Cmd options:
  -a|--auto             Set the speed and duplexity settings to autonegotiate.
  -D|--duplex=     The duplex to set this NIC to. Acceptable values are :  [full, half]
  -l|--message-level=
                        Sets the driver message level. Meaning differ per driver.
  -n|--nic-name=   The name of the NIC to configured. This must be one of the cards listed in the nic
                        list command. (required)
  -P|--phy-address=
                        Set the PHY address of the device
  -p|--port=       Selects device port. Available device ports are      aui: Select aui as the device
                        port     bnc: Select bnc as the device port     fibre: Select mii as the device port
                        mii: Select mii as the device port     tp: Select tp as the device port
  -S|--speed=     The speed to set this NIC to. Acceptable values are :  [10, 100, 1000, 10000]
  -t|--transceiver-type=
                        Selects transeiver type. Currently only internal and external can be specified, in the
                        future future types might be added. Available transeiver types are      external: Set
                        the transceiver type to external     internal: Set the transceiver type to internal
  -w|--wake-on-lan=
                        Sets Wake-on-LAN options. Not all devices support this. The argument to this option is
                        a string of characters specifying which options to enable.  p Wake on phy activity u
                        wake on unicast messages m Wake on multicast messages b wake on broadcast messages a
                        Wake on ARP g Wake on MagicPacket(tm) s Enable SecureOn(tm) password for
                        MagicPacket(tm)

To turn on NIC VLAN stats, we can use set command as follows, and then we can check the VLAN stats.

~ # esxcli network nic vlan stats set --nic-name=vmnic0 --enabled true
~ # esxcli network nic vlan stats get --nic-name=vmnic0               
VLAN 0
   Packets received: 111
   Packets sent: 221

For each NIC, you can get its stats with the stats namespace.

~ # esxcli network nic stats get --nic-name=vmnic0
NIC statistics for vmnic0
   Packets received: 76577956
   Packets sent: 166128469
   Bytes received: 26876727438
   Bytes sent: 217556196739
   Receive packets dropped: 0
   Transmit packets dropped: 0
   Total receive errors: 0
   Receive length errors: 0
   Receive over errors: 0
   Receive CRC errors: 0
   Receive frame errors: 0
   Receive FIFO errors: 0
   Receive missed errors: 0
   Total transmit errors: 0
   Transmit aborted errors: 0
   Transmit carrier errors: 0
   Transmit FIFO errors: 0
   Transmit heartbeat errors: 0
   Transmit window errors: 0

To get the current configuration of a network interface, you can use the get command with the name of the interface.

~ # esxcli network nic get --nic-name=vmnic0       
   Advertised Auto Negotiation: true
   Advertised Link Modes: 10baseT/Half, 10baseT/Full, 100baseT/Half, 100baseT/Full, 1000baseT/Full
   Auto Negotiation: true
   Cable Type: Twisted Pair
   Current Message Level: 51
   Driver Info: 
         Bus Info: 0000:04:00.0
         Driver: r8168
         Firmware Version: 
         Version: 8.013.00-NAPI
   Link Detected: true
   Link Status: Up 
   Name: vmnic0
   PHYAddress: 0
   Pause Autonegotiate: false
   Pause RX: false
   Pause TX: false
   Supported Ports: TP
   Supports Auto Negotiation: true
   Supports Pause: false
   Supports Wakeon: true
   Transceiver: internal
   Wakeon: MagicPacket(tm)

You can set the NIC with different parameters like speed, duplex mode. For easy life, you can simply use the –auto option which let the ESXi automatically negoatiate these with other system. When you have –auto option, you must not specify the speed and duplex mode. NOTE: if you use SSH to your ESXi server, be careful not to mess up the NIC underlying.

~ # esxcli network nic set --nic-name=vmnic0 --auto --wake-on-lan=p

For a particular NIC adapter, you can also turn it on and off. Be careful not to turn off the NIC underlying your SSH session, or you have to have physical access or IPMI.

~ # esxcli network nic up --nic-name=vmnic0
~ # esxcli network nic down --nic-name=vmnic0

Virtual Machine Related Networking

To list all the virtual machines and their ports and networks they connect to, use the list command as follows.

~ # esxcli network vm list              
World ID  Name                     Num Ports  Networks  
--------  -----------------------  ---------  ----------
   42898  vCenter_VA                       1  VM Network
   44126  ESXi60                           1  VM Network
  879855  CentOS64Web                      1  VM Network

Further down the port namespace, we can get more details of ports used by a specific virtual machine which is identified by the world id. Please note that you can also find the uplink port ID, which can used as normal VM port ID for its stats and filters.

~ # esxcli network vm port list --world-id=42898
   Port ID: 33554439
   vSwitch: vSwitch0
   Portgroup: VM Network
   DVPort ID: 
   MAC Address: 00:0c:29:7b:a1:f4
   IP Address: 0.0.0.0
   Team Uplink: vmnic0
   Uplink Port ID: 33554434
   Active Filters:

Getting Port Related Stats and Filters

For each port, you can get the stats based its port number. The following command shows what are included in the stats.

~ # esxcli network port stats get --portid=33554439
Packet statistics for port 33554439
   Packets received: 2692640
   Packets sent: 3076405
   Bytes received: 2131115950
   Bytes sent: 522406213
   Broadcast packets received: 115193
   Broadcast packets sent: 213179
   Multicast packets received: 25794
   Multicast packets sent: 10
   Unicast packets received: 2551653
   Unicast packets sent: 2863216
   Receive packets dropped: 0
   Transmit packets dropped: 0

To get port filter related stats, run the following command. Somehow I don’t have filter therefore nothing is shown in output.

~ # esxcli network port filter stats get --portid=33554434

Managing SR-IOV

SR-IOV stands for Single Root I/O Virtualization. It allow one PCI device appears as multiple NIC cards to the hypervisor. Scott Lowe has a nice blog post on this topic.

To list the NICs that support SR-IOV, and list the virtual functions (VF) on a nic, run the following commands.

~ # esxcli network sriovnic list
~ # esxcli network sriovnic vf list --nic-name=vmnic0

There is no SRIOV Nic with name vmnic0

Managing Virtual Switches

The standard and distributed virtual switch are in two parallel namespaces. They allow lots of control over virtual switches.

To list all the virtual switches, use the list command as follows:

~ # esxcli network vswitch standard list
vSwitch0
   Name: vSwitch0
   Class: etherswitch
   Num Ports: 128
   Used Ports: 11
   Configured Ports: 128
   MTU: 1500
   CDP Status: listen
   Beacon Enabled: false
   Beacon Interval: 1
   Beacon Threshold: 3
   Beacon Required By: 
   Uplinks: vmnic0
   Portgroups: VM Network, Management Network

To create a new virtual switch, use the add command with port number and name.

~ # esxcli network vswitch standard add --vswitch-name="LabOnly" --ports=1024

The newly created virtual switch takes default for mtu, and cdp, but you can change them using the set command with the options below.

Cmd options:
  -c|--cdp-status= The CDP status of the given virtual switch. It can be 'down', 'listen', 'advertise' or
                        'both'
  -m|--mtu=       The MTU size of the given virtual switch.
  -v|--vswitch-name=
                        The name of virtual switch to apply the configurations. (required)

You can delete a virtual switch by the remove command

~ # esxcli network vswitch standard remove --vswitch-name=LabOnly

There are many policies you can change with esxcli command, namely failover, security, shaping. You can set these policies using the set command under the corresponding namespace. The name for the virtual switch is case sensitive.

~ # esxcli network vswitch standard policy failover get --vswitch-name=vSwitch1 
   Load Balancing: srcport
   Network Failure Detection: link
   Notify Switches: true
   Failback: true
   Active Adapters: 
   Standby Adapters: 
   Unused Adapters: 
~ # esxcli network vswitch standard policy security get --vswitch-name=vSwitch1
   Allow Promiscuous: false
   Allow MAC Address Change: true
   Allow Forged Transmits: true
~ # esxcli network vswitch standard policy shaping get --vswitch-name=vSwitch1 
   Enabled: false
   Average Bandwidth: -1 Kbps
   Peak Bandwidth: -1 Kbps
   Burst Size: -1 Kib

To add a new uplink to a virtual switch, you can run the following command. The uplink name must be a valid pnic name.

# esxcli network vswitch standard uplink add --vswitch-name=vSwitch1 --uplink-name=vmnic0

To remove an uplink, just use the remove commmand

# esxcli network vswitch standard uplink remove --vswitch-name=vSwitch1 --uplink-name=vmnic0

Managing Port Groups

Port group is a “virtual” concept. It defines a common behavior for a group of ports.

~ # esxcli network vswitch standard portgroup list
Name                Virtual Switch  Active Clients  VLAN ID
------------------  --------------  --------------  -------
Management Network  vSwitch0                     1        0
Private VM Network  vSwitch1                     0        0
VM Network          vSwitch0                     7        0

To add a new port group, use the add command

~ # esxcli network vswitch standard portgroup add --vswitch-name=vSwitch1 --portgroup-name="SysTest"

To remove a port group, use the remove command:

~ # esxcli network vswitch standard portgroup remove --portgroup-name=SysTest --vswitch-name=vSwitch1

You can change the VLAN ID with set command. Note that this may affect the network connectivity.

~ # esxcli network vswitch standard portgroup set --portgroup-name="VM Network" --vlan-id=100

There are similar policies that are associated with port groups as with the virtual switch. The following shows 3 commands and you can see what are included in the policy.

~ # esxcli network vswitch standard portgroup policy failover get --portgroup-name="VM Network"
   Load Balancing: srcport
   Network Failure Detection: link
   Notify Switches: true
   Failback: true
   Active Adapters: vmnic0
   Standby Adapters: 
   Unused Adapters: 
   Override Vswitch Load Balancing: false
   Override Vswitch Network Failure Detection: false
   Override Vswitch Notify Switches: false
   Override Vswitch Failback: false
   Override Vswitch Uplinks: false
~ # esxcli network vswitch standard portgroup policy security get --portgroup-name="VM Network"
   Allow Promiscuous: true
   Allow MAC Address Change: true
   Allow Forged Transmits: true
   Override Vswitch Allow Promiscuous: true
   Override Vswitch Allow MAC Address Change: false
   Override Vswitch Allow Forged Transmits: false
~ # esxcli network vswitch standard portgroup policy shaping get --portgroup-name="VM Network" 
   Enabled: false
   Average Bandwidth: -1 Kbps
   Peak Bandwidth: -1 Kbps
   Burst Size: -1 Kib
   Override Vswitch Enabled: false
   Override Vswitch Average Bandwidth: false
   Override Vswitch Peak Bandwidth: false
   Override Vswitch Burst Size: false

Distributed Virtual Switch

Distributed virtual switch is similar to standard virtual switch but the control is centralized in vCenter server. The esxcli command allows control of the vmware virtual switch. For the Cisco Nexus 1000v, you can use their own command line that I introduced before.

~ # esxcli network vswitch dvs vmware
Usage: esxcli network vswitch dvs vmware {cmd} [cmd options]

Available Namespaces:
lacp A set of commands for LACP related operations
vxlan A set of commands for VXLAN related operations

Available Commands:
list List the VMware vSphere Distributed Switch currently configured on the ESXi host.

Diagnosing Network Connection with Ping

The ping command is very useful for testing network connection. The esxcli command comes with a handy one as well with additional controls. I found it’s extremely helpful when I tested the jumbo frame configuration for my ESXi to a NAS server.

~ # esxcli network diag ping --ipv4 --host=192.168.11.3 --size=9000
   Summary: 
         Duplicated: 0
         Host Addr: 192.168.11.3
         Packet Lost: 100
         Recieved: 0
         Roundtrip Avg MS: -2147483648
         Roundtrip Max MS: 0
         Roundtrip Min MS: 999999000
         Transmitted: 3
   Trace:

There are more options as shown in the following.

Cmd options:
  -c|--count=     Specify the number of packets to send.
  -D|--debug            VMKPing debug mode.
  -d|--df               Set DF bit on IPv4 packets.
  -H|--host=       Specify the host to send packets to. (required)
  -I|--interface=  Specify the outgoing interface.
  -i|--interval=  Set the interval for sending packets in seconds.
  -4|--ipv4             Ping with ICMPv4 echo requests.
  -6|--ipv6             Ping with ICMPv6 echo requests.
  -N|--nexthop=    Override the system's default route selection, in dotted quad notation. (IPv4 only.
                        Requires interface option)
  -s|--size=      Set the payload size of the packets to send.
  -t|--ttl=       Set IPv4 Time To Live or IPv6 Hop Limit
  -W|--wait=      Set the timeout to wait if no responses are received in seconds.

Managing Storage

The storage is another heavy aspect of ESXi management. It includes 6 different sub namespaces, each of which is a big topic by itself.

~ # esxcli storage        
Usage: esxcli storage {cmd} [cmd options]
 
Available Namespaces:
  core                  VMware core storage commands.
  nmp                   VMware Native Multipath Plugin (NMP). This is the VMware default implementation of the
                        Pluggable Storage Architecture.
  san                   IO device management operations to the SAN devices on the system.
  vmfs                  VMFS operations.
  filesystem            Operations pertaining to filesystems, also known as datastores, on the ESX host.
  nfs                   Operations to create, manage and remove Network Attached Storage filesystems.

Managing NFS

To list all the NFS volumes that are already mounted on the host, just run the list command.

~ # esxcli storage nfs list
Volume Name  Host         Share         Accessible  Mounted  Read-Only  Hardware Acceleration
-----------  -----------  ------------  ----------  -------  ---------  ---------------------
vms          192.168.0.3  /volume1/vms        true     true      false  Not Supported

To add a new NFS volume, you want to use the add command:

~ # esxcli storage nfs add --host=192.168.0.3 --share="/volume1/vms" --volume-name=vms

To remove an existing volume, then the remove command is handy.

~ # esxcli storage nfs remove --volume-name=vms2

Managing File System

To list all the mount points, you can run the following command. You can check out the volume names, types, size, free space.

~ # esxcli storage filesystem list
Mount Point                                        Volume Name  UUID                                 Mounted  Type             Size           Free
-------------------------------------------------  -----------  -----------------------------------  -------  ------  -------------  -------------
/vmfs/volumes/f3956571-cbbda790                    vms          f3956571-cbbda790                       true  NFS     2948716871680  2898078482432
/vmfs/volumes/50cdcb68-6fc8e606-bb76-8c89a5d2b40f  datastore1   50cdcb68-6fc8e606-bb76-8c89a5d2b40f     true  VMFS-5  1995012308992  1672298364928
/vmfs/volumes/50cdcb6a-6cac08ca-6b16-8c89a5d2b40f               50cdcb6a-6cac08ca-6b16-8c89a5d2b40f     true  vfat       4293591040     4255121408
/vmfs/volumes/ce5db771-45edfd5c-a23e-edcce43edff3               ce5db771-45edfd5c-a23e-edcce43edff3     true  vfat        261853184      125370368
/vmfs/volumes/7431f671-c7c192c1-91ce-5255b286bbb3               7431f671-c7c192c1-91ce-5255b286bbb3     true  vfat        261853184      261844992
/vmfs/volumes/50cdcb4f-7e8fc89e-7ed1-8c89a5d2b40f               50cdcb4f-7e8fc89e-7ed1-8c89a5d2b40f     true  vfat        299712512       87957504

With changes on the file system, you can also run the following command to rescan and automatically mount those unmounted.

~ # esxcli storage filesystem rescan
~ # esxcli storage filesystem automount

To unmount a volume, use the unmount command with label or UUID.

~ # esxcli storage filesystem unmount --help
Usage: esxcli storage filesystem unmount [cmd options]
 
Description: 
  unmount               Disconnect and unmount and existing VMFS or NAS volume. This will not delete the configuration for the volume, but will
                        remove the volume from the list of mounted volumes.
 
Cmd options:
  -n|--no-persist       Unmount the volume non-peristently; the volume will be automounted after a restart.
  -l|--volume-label=
                        The label of the volume to unmount.
  -p|--volume-path=
                        The path of the volume to unmount.
  -u|--volume-uuid=
                        The uuid of the volume to unmount.

Managing VMFS System

~ # esxcli storage vmfs upgrade --volume-label=datastore1
In-place upgrade of VMFS5is not supported on this platform
 
~ # esxcli storage vmfs extent list 
Volume Name  VMFS UUID                            Extent Number  Device Name                                                               Partition
-----------  -----------------------------------  -------------  ------------------------------------------------------------------------  ---------
datastore1   50cdcb68-6fc8e606-bb76-8c89a5d2b40f              0  t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D          3

There are also snapshot feature that can be managed by a few commands.

~ # esxcli storage vmfs snapshot
Usage: esxcli storage vmfs snapshot {cmd} [cmd options]
 
Available Namespaces:
  extent                Manage VMFS snapshot extents.
 
Available Commands:
  list                  List unresolved snapshots/replicas of VMFS volume.
  mount                 Mount a snapshot/replica of a VMFS volume.
  resignature           Resignature a snapshot/replica of a VMFS volume.

Managing SAN Storage

As I don’t have SAN storage in my lab, I won’t go deeper on this, but show the help of the command. You can drill down and give it try by yourself.

~ # esxcli storage san
Usage: esxcli storage san {cmd} [cmd options]
 
Available Namespaces:
  fc                    IO Device Management operations to the FC adapters on the system.
  fcoe                  IO Device Management operations to the FCoE adapters on the system.
  iscsi                 IO Device Management operations to the Software iSCSI adapters on the system.
  sas                   IO Device Management operations to the SAS adapters on the system.

Managing Native Multi-Path

~ # esxcli storage nmp path list
sata.vmhba35-sata.0:0-mpx.vmhba35:C0:T0:L0
   Runtime Name: vmhba35:C0:T0:L0
   Device: mpx.vmhba35:C0:T0:L0
   Device Display Name: Local PLDS CD-ROM (mpx.vmhba35:C0:T0:L0)
   Group State: active
   Array Priority: 0
   Storage Array Type Path Config: SATP VMW_SATP_LOCAL does not support path configuration.
   Path Selection Policy Path Config: {current: yes; preferred: yes}
 
sata.vmhba0-sata.0:0-t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D
   Runtime Name: vmhba0:C0:T0:L0
   Device: t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D
   Device Display Name: Local ATA Disk (t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D)
   Group State: active
   Array Priority: 0
   Storage Array Type Path Config: SATP VMW_SATP_LOCAL does not support path configuration.
   Path Selection Policy Path Config: {current: yes; preferred: yes}

We can also list the devices involved in Native Multipath:

~ # esxcli storage nmp device list
t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D
   Device Display Name: Local ATA Disk (t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D)
   Storage Array Type: VMW_SATP_LOCAL
   Storage Array Type Device Config: SATP VMW_SATP_LOCAL does not support device configuration.
   Path Selection Policy: VMW_PSP_FIXED
   Path Selection Policy Device Config: {preferred=vmhba0:C0:T0:L0;current=vmhba0:C0:T0:L0}
   Path Selection Policy Device Custom Config: 
   Working Paths: vmhba0:C0:T0:L0
   Is Local SAS Device: false
   Is Boot USB Device: false
 
mpx.vmhba35:C0:T0:L0
   Device Display Name: Local PLDS CD-ROM (mpx.vmhba35:C0:T0:L0)
   Storage Array Type: VMW_SATP_LOCAL
   Storage Array Type Device Config: SATP VMW_SATP_LOCAL does not support device configuration.
   Path Selection Policy: VMW_PSP_FIXED
   Path Selection Policy Device Config: {preferred=vmhba35:C0:T0:L0;current=vmhba35:C0:T0:L0}
   Path Selection Policy Device Custom Config: 
   Working Paths: vmhba35:C0:T0:L0
   Is Local SAS Device: false
   Is Boot USB Device: false

Multipath policy can also be configured using different plugins, which are listed as follows:

~ # esxcli storage nmp psp list
Name           Description                      
-------------  ---------------------------------
VMW_PSP_MRU    Most Recently Used Path Selection
VMW_PSP_RR     Round Robin Path Selection       
VMW_PSP_FIXED  Fixed Path Selection

To list the configuration of a particular policy, we can use the following command (The device value is a little bit long but you can copy and paste it from the list command)

~ # esxcli storage nmp psp fixed deviceconfig get --device=mpx.vmhba35:C0:T0:L0
   Configured Preferred Path: 
   Device: mpx.vmhba35:C0:T0:L0
   Preferred Path: vmhba35:C0:T0:L0
~ # esxcli storage nmp psp generic deviceconfig get --device=mpx.vmhba35:C0:T0:L0
{preferred=vmhba35:C0:T0:L0;current=vmhba35:C0:T0:L0}
~ # esxcli storage nmp psp roundrobin deviceconfig get --device=mpx.vmhba35:C0:T0:L0
Device mpx.vmhba35:C0:T0:L0 Does not use the Round Robin path selection policy.

To list all the storage array plugin (SATP), the following command is handy.

~ # esxcli storage nmp satp list
Name                 Default PSP    Description                               
-------------------  -------------  ------------------------------------------
VMW_SATP_MSA         VMW_PSP_MRU    Placeholder (plugin not loaded)           
VMW_SATP_ALUA        VMW_PSP_MRU    Placeholder (plugin not loaded)           
VMW_SATP_DEFAULT_AP  VMW_PSP_MRU    Placeholder (plugin not loaded)           
VMW_SATP_SVC         VMW_PSP_FIXED  Placeholder (plugin not loaded)           
VMW_SATP_EQL         VMW_PSP_FIXED  Placeholder (plugin not loaded)           
VMW_SATP_INV         VMW_PSP_FIXED  Placeholder (plugin not loaded)           
VMW_SATP_EVA         VMW_PSP_FIXED  Placeholder (plugin not loaded)           
VMW_SATP_ALUA_CX     VMW_PSP_RR     Placeholder (plugin not loaded)           
VMW_SATP_SYMM        VMW_PSP_RR     Placeholder (plugin not loaded)           
VMW_SATP_CX          VMW_PSP_MRU    Placeholder (plugin not loaded)           
VMW_SATP_LSI         VMW_PSP_MRU    Placeholder (plugin not loaded)           
VMW_SATP_DEFAULT_AA  VMW_PSP_FIXED  Supports non-specific active/active arrays
VMW_SATP_LOCAL       VMW_PSP_FIXED  Supports direct attached devices

To change the SATP, the following options are needed.

~ # esxcli storage nmp satp set --help
Usage: esxcli storage nmp satp set [cmd options]
 
Description: 
  set                   Set the default Path Selection Policy for a given Storage Array Type Plugin (SATP).
 
Cmd options:
  -b|--boot             This is a system default rule added at boot time. Do not modify esx.conf or add to host profile.
  -P|--default-psp=
                        The default path selection policy to set for a given --satp  (required)
  -s|--satp=       The SATP name for the Storage Array Type Plugin on which this command will operate. (required)

Core Storage

The following command lists all the storage adapters on the host,

~ # esxcli storage core adapter list
HBA Name  Driver  Link State  UID           Description                                               
--------  ------  ----------  ------------  ----------------------------------------------------------
vmhba0    ahci    link-n/a    sata.vmhba0   (0:0:31.2) Intel Corporation Panther Point AHCI Controller
vmhba33   ahci    link-n/a    sata.vmhba33  (0:0:31.2) Intel Corporation Panther Point AHCI Controller
vmhba34   ahci    link-n/a    sata.vmhba34  (0:0:31.2) Intel Corporation Panther Point AHCI Controller
vmhba35   ahci    link-n/a    sata.vmhba35  (0:0:31.2) Intel Corporation Panther Point AHCI Controller
vmhba36   ahci    link-n/a    sata.vmhba36  (0:0:31.2) Intel Corporation Panther Point AHCI Controller
vmhba37   ahci    link-n/a    sata.vmhba37  (0:0:31.2) Intel Corporation Panther Point AHCI Controller

To make sure the adapters are found, run the rescan all command.

~ # esxcli storage core adapter rescan --all

IO statistics are also available with the following command. More lines are actually there, but skipped here to save space.

~ # esxcli storage core adapter stats get
vmhba0
   Successful Commands: 22831456
   Blocks Read: 582070835
   Blocks Written: 401568853
   Read Operations: 12365270
   Write Operations: 10407137
   Reserve Operations: 710
   Reservation Conflicts: 0
   Failed Commands: 25975
   Failed Blocks Read: 132581
   Failed Blocks Written: 283880
   Failed Read Operations: 4255
   Failed Write Operations: 20791
   Failed Reserve Operations: 0
   Total Splits: 0
   PAE Commands: 0

To list storage adapters, the following command works.

~ # esxcli storage core device list
t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D
   Display Name: Local ATA Disk (t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D)
   Has Settable Display Name: true
   Size: 1907729
   Device Type: Direct-Access 
   Multipath Plugin: NMP
   Devfs Path: /vmfs/devices/disks/t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D
   Vendor: ATA     
   Model: Hitachi HDS72302
   Revision: MN6O
   SCSI Level: 5
   Is Pseudo: false
   Status: on
   Is RDM Capable: false
   Is Local: true
   Is Removable: false
   Is SSD: false
   Is Offline: false
   Is Perennially Reserved: false
   Queue Full Sample Size: 0
   Queue Full Threshold: 0
   Thin Provisioning Status: unknown
   Attached Filters: 
   VAAI Status: unknown
   Other UIDs: vml.01000000002020202020204d4e313234304641303944553544486974616368
   Is Local SAS Device: false
   Is Boot USB Device: false
 
~ # esxcli storage core device smart get --device-name=t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D
Parameter                     Value  Threshold  Worst
----------------------------  -----  ---------  -----
Health Status                 OK     N/A        N/A  
Media Wearout Indicator       N/A    N/A        N/A  
Write Error Count             N/A    N/A        N/A  
Read Error Count              100    16         100  
Power-on Hours                98     0          98   
Power Cycle Count             100    0          100  
Reallocated Sector Count      100    5          100  
Raw Read Error Rate           100    16         100  
Drive Temperature             181    0          181  
Driver Rated Max Temperature  N/A    N/A        N/A  
Write Sectors TOT Count       200    0          200  
Read Sectors TOT Count        N/A    N/A        N/A  
Initial Bad Block Count       N/A    N/A        N/A

Get device statistics

~ # esxcli storage core device stats get
t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D
   Device: t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D
   Successful Commands: 24676085
   Blocks Read: 624508799
   Blocks Written: 434893836
   Read Operations: 13214112
   Write Operations: 11411077
   Reserve Operations: 710
   Reservation Conflicts: 0
   Failed Commands: 27910
   Failed Blocks Read: 39323
   Failed Blocks Written: 311962
   Failed Read Operations: 4481
   Failed Write Operations: 23000
   Failed Reserve Operations: 0
 
mpx.vmhba35:C0:T0:L0
   Device: mpx.vmhba35:C0:T0:L0
   Successful Commands: 0
   Blocks Read: 0
   Blocks Written: 0
   Read Operations: 0
   Write Operations: 0
   Reserve Operations: 0
   Reservation Conflicts: 0
   Failed Commands: 17197
   Failed Blocks Read: 0
   Failed Blocks Written: 0
   Failed Read Operations: 16
   Failed Write Operations: 0
   Failed Reserve Operations: 0

To get a list of the worlds that are currently using devices on the ESX host, the following command is used:

~ # esxcli storage core device world list
Device                                                                    World ID  Open Count  World Name
------------------------------------------------------------------------  --------  ----------  ----------
t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D         0           1            
t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D      2056           2  idle0    
 
~ # esxcli storage core device partition list         
Device                                                                    Partition  Start Sector  End Sector  Type           Size
------------------------------------------------------------------------  ---------  ------------  ----------  ----  -------------
t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D          0             0  3907029168     0  2000398934016
t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D          1            64        8192     0        4161536
t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D          2       1843200    10229760     6     4293918720
t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D          3      10229760  3907029135    fb  1995161280000
t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D          5          8224      520192     6      262127616
t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D          6        520224     1032192     6      262127616
t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D          7       1032224     1257472    fc      115326976
t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D          8       1257504     1843200     6      299876352

Optionally, we can list the partitions with their GUID as follows:

~ # esxcli storage core device partition showguid     
Device                                                                    Partition  Layout  GUID                            
------------------------------------------------------------------------  ---------  ------  --------------------------------
t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D          0  GPT     00000000000000000000000000000000
t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D          1  GPT     c12a7328f81f11d2ba4b00a0c93ec93b
t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D          2  GPT     ebd0a0a2b9e5443387c068b6b72699c7
t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D          3  GPT     aa31e02a400f11db9590000c2911d1b8
t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D          5  GPT     ebd0a0a2b9e5443387c068b6b72699c7
t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D          6  GPT     ebd0a0a2b9e5443387c068b6b72699c7
t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D          7  GPT     9d27538040ad11dbbf97000c2911d1b8
t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D          8  GPT     ebd0a0a2b9e5443387c068b6b72699c7

To list all devices that were detached manually by changing their state on the system, run the following command. This is related to the ESXi feature of pluggable storage architectures (PSA).

~ # esxcli storage core device detached list

For the VAAI feature, we can get their status. In my case, it’s not used at all therefore no much to show.

~ # esxcli storage core device vaai status get
t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D
   VAAI Plugin Name: 
   ATS Status: unsupported
   Clone Status: unsupported
   Zero Status: supported
   Delete Status: unsupported
 
mpx.vmhba35:C0:T0:L0
   VAAI Plugin Name: 
   ATS Status: unsupported
   Clone Status: unsupported
   Zero Status: unsupported
   Delete Status: unsupported

To list all the SCSI paths on the system, use the following command:

~ # esxcli storage core path list
sata.vmhba35-sata.0:0-mpx.vmhba35:C0:T0:L0
   UID: sata.vmhba35-sata.0:0-mpx.vmhba35:C0:T0:L0
   Runtime Name: vmhba35:C0:T0:L0
   Device: mpx.vmhba35:C0:T0:L0
   Device Display Name: Local PLDS CD-ROM (mpx.vmhba35:C0:T0:L0)
   Adapter: vmhba35
   Channel: 0
   Target: 0
   LUN: 0
   Plugin: NMP
   State: active
   Transport: sata
   Adapter Identifier: sata.vmhba35
   Target Identifier: sata.0:0
   Adapter Transport Details: Unavailable or path is unclaimed
   Target Transport Details: Unavailable or path is unclaimed
   Maximum IO Size: 131072

For each path, it can be set active, or off using the set command.

~ # esxcli storage core path set --help
Usage: esxcli storage core path set [cmd options]
 
Description: 
  set                   Provide control to allow a user to modify a single path's state. This efffectively allows a user to
                        enable or disable SCSI paths. The user is not able to change the full range of path states, but can
                        toggle between 'active' and 'off'. Please NOTE changing the Path state on any path that is the only path
                        to a given device is likely to fail. The VMkernel will not change the path's state if changing the state
                        would cause an 'All paths down' state or the device is currently in use.
 
Cmd options:
  -p|--path=       Select the path to set path state on. This can be a Runtime Name or Path UID (required)
  --state=         Set the SCSI path state for a the specific path given. Valid values are :      active: Set the path's
                        state to active. This may be immediately changed by the system to another state if the active state is
                        not appropriate.     off: Administratively disable this path.  (required)

For path level stats, the following command can be used:

~ # esxcli storage core path stats get
sata.vmhba35-sata.0:0-mpx.vmhba35:C0:T0:L0
   UID: sata.vmhba35-sata.0:0-mpx.vmhba35:C0:T0:L0
   Runtime Name: vmhba35:C0:T0:L0
   Successful Commands: 4
   Blocks Read: 0
   Blocks Written: 0
   Read Operations: 0
   Write Operations: 0
   Reserve Operations: 0
   Reservation Conflicts: 0
   Failed Commands: 29658
   Failed Blocks Read: 0
   Failed Blocks Written: 0
   Failed Read Operations: 17
   Failed Write Operations: 0
   Failed Reserve Operations: 0
   Total Splits: 17247
   PAE Commands: 0

To list plugins in the system, the following command is used:

~ # esxcli storage core plugin list
Plugin name  Plugin class
-----------  ------------
NMP          MP

To allow automatic claiming process of PSA, the autoclaim can be used. By default, it’s enabled and should not be turned off.

~ # esxcli storage core claiming autoclaim --enabled true
 
For the automatic claiming, rules can be used. The following command lists all the rules:
~ # esxcli storage core claimrule list
Rule Class   Rule  Class    Type       Plugin     Matches                          
----------  -----  -------  ---------  ---------  ---------------------------------
MP              0  runtime  transport  NMP        transport=usb                    
MP              1  runtime  transport  NMP        transport=sata                   
MP              2  runtime  transport  NMP        transport=ide                    
MP              3  runtime  transport  NMP        transport=block                  
MP              4  runtime  transport  NMP        transport=unknown                
MP            101  runtime  vendor     MASK_PATH  vendor=DELL model=Universal Xport
MP            101  file     vendor     MASK_PATH  vendor=DELL model=Universal Xport
MP          65535  runtime  vendor     NMP        vendor=* model=*

New rules can also be added into the rule set. The command expects a few parameters, but the help is probably the best – it comes with a few examples.

~ # esxcli storage core claimrule add --help
Usage: esxcli storage core claimrule add [cmd options]
 
Description: 
  add                   Add a claimrule to the set of claimrules on the system.
 
Cmd options:
  -A|--adapter=    Indicate the adapter of the paths to use in this operation.
  -u|--autoassign       The system will auto assign a rule id.
  -C|--channel=   Indicate the channel of the paths to use in this operation.
  -c|--claimrule-class=
                        Indicate the claim rule class to use in this operation [MP, Filter, VAAI].
  -d|--device=     Indicate the Device Uid to use for this operation.
  -D|--driver=     Indicate the driver of the paths to use in this operation.
  -f|--force            Force claim rules to ignore validity checks and install the rule anyway.
  --if-unset=      Execute this command if this advanced user variable is not set to 1
  -i|--iqn=        Indicate the iSCSI Qualified Name for the target to use in this operation.
  -L|--lun=       Indicate the LUN of the paths to use in this operation.
  -M|--model=      Indicate the model of the paths to use in this operation.
  -P|--plugin=     Indicate which PSA plugin to use for this operation. (required)
  -r|--rule=      Indicate the rule ID to use for this operation.
  -T|--target=    Indicate the target of the paths to use in this operation.
  -R|--transport=  Indicate the transport of the paths to use in this operation.  Valid Values are:  [block, fc, iscsi,
                        iscsivendor, ide, sas, sata, usb, parallel, unknown]
  -t|--type=       Indicate which type of matching used for claim/unclaim or claimrule. Valid values are:  [vendor,
                        location, driver, transport, device, target] (required)
  -V|--vendor=     Indicate the vendor of the paths to user in this operation.
  --wwnn=          Indicate the World-Wide Node Number for the target to use in this operation.
  --wwpn=          Indicate the World-Wide Port Number for the target to use in this operation.
 
Examples:
 
  Add rule #321 for the Filter plugin type that will claim the given device for the VAAI Filter plugin
# esxcli storage core claimrule add -r 321 -t device -P VAAI_FILTER --claimrule-class=Filter --device=mpx.vmhba0 
 
  Add rule #321 for the VAAI plugin type that will claim the given device for the VMW_VAAIP_SYMM plugin
# esxcli storage core claimrule add -r 321 -t device -P VMW_VAAIP_SYMM --claimrule-class=VAAI --device=naa.1234 
 
  Add rule #321 that will claim the path on adapter vmhba0, channel 0, target 0, LUN 0 for the NMP plugin
# esxcli storage core claimrule add -r 321 -t location -A vmhba0 -C 0 -T 0 -L 0 -P NMP 
 
  Add rule #429 for the MP claim rule type that will claim all paths provided by an adapter with the mptscsi driver for the MASK_PATH plugin.
# esxcli storage core claimrule add -r 429 -t driver -D mptscsi -P MASK_PATH --claimrule-class=MP 
 
  Add rule #914 to claim all paths with a vendor string matching "VMWARE" and a model string "Virtual"  for the NMP plugin
# esxcli storage core claimrule add -r 914 -t vendor -V VMWARE -M Virtual -P NMP 
 
  Add rule #1015 to claim all paths provided by Fibre Channel type adapters for the NMP plugin.
# esxcli storage core claimrule add -r 1015 -t transport -R fc -P NMP 
 
  Add rule #429 to claim all paths provided by Fibre Channel Target on given WWNN and WWPN.
# esxcli storage core claimrule add -r 429 -P NMP -t target -R fc --wwnn 50:06:01:60:ba:60:11:53 --wwpn 50:06:01:60:3a:60:11:53  
 
  Add rule #429 to claim paths to LUN 5 provided by iSCSI Target on given IQN.
# esxcli storage core claimrule add -r 429 -P NMP -t target -R iscsi --iqn iqn.2001-04.com.example:storage.disk2.sys1.xyz --lun 5  
 
  Add a rule with a system assigned rule id to claim all paths provided by Fibre Channel type adapters for the NMP plugin.
# esxcli storage core claimrule add --autoassign -t transport -R fc -P NMP

Managing System Wide Settings

This section involves global setting for the ESXi management.

Get ESXi Boot Device

~ # esxcli system boot device get
   Boot Filesystem UUID: ce5db771-45edfd5c-a23e-edcce43edff3
   Boot NIC: 
   Stateless Boot NIC:

Managing Core Dump

The ESXi core can be dumped to a network server if you configure it as follows:

~ # esxcli system coredump network set --interface-name=vmk0 --server-ipv4=192.168.0.3
~ # esxcli system coredump network set --enable true         
 
~ # esxcli system coredump network get
   Enabled: true
   Host VNic: vmk0
   Network Server IP: 192.168.0.3
   Network Server Port: 6500

Core can aso be dumped into local partition and that involves another sub namespace – partition.

To get the configuration, use the get command.

~ # esxcli system coredump partition get 
   Active: t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D:7
   Configured: t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D:7

To set the configuration, the set command is handy.

~ # esxcli system coredump partition list
Name                                                                        Path                                                                                            Active  Configured
--------------------------------------------------------------------------  ----------------------------------------------------------------------------------------------  ------  ----------
t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D:7  /vmfs/devices/disks/t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D:7    true        true

You can also change the configuration with the set command.

~ # esxcli system coredump partition set --help
Usage: esxcli system coredump partition set [cmd options]
 
Description: 
  set                   Set the specific VMkernel dump partition for this system. This will configure the dump
                        partition for the next boot. This command will change the active dump partition to the
                        partition specified.
 
Cmd options:
  -e|--enable           Enable or disable the VMkernel dump partition. This option cannot be specified when
                        setting or unconfiguring the dump partition.
  -p|--partition=  The name of the partition to use. This should be a device name with a partition number
                        at the end. Example: naa.xxxxx:1
  -s|--smart            This flag can be used only with --enable=true. It will cause the best available
                        partition to be selected using the smart selection algorithm.
  -u|--unconfigure      Set the dump partition into an unconfigured state. This will remove the current
                        configured dump partition for the next boot. This will result in the smart activate
                        algorithm being used at the next boot.

Module Management

To list the modules in ESXi server, you can use the module sub namespace with list command. There are many lines of output not listed here.

~ # esxcli system module list
Name                           Is Loaded  Is Enabled
-----------------------------  ---------  ----------
vmkernel                            true        true
chardevs                            true        true
user                                true        true
vprobe                              true        true
vmkapi_socket                       true        true
...

To get details about a module, you can use the get command

~ # esxcli system module get --module=nmp
   Module: nmp
   Module File: /usr/lib/vmware/vmkmod/nmp
   License: VMware
   Version: Version 1.0.0-0, Built on: Aug  1 2012
   Signed Status: VMware Signed
   Signature Issuer: VMware, Inc.
   Signature Digest: c99a 0c21 a220 c1b4 c0e7 202b c7f8 e916 6220 391f fe76 9612 bf38 d755 779c 5640 
   Signature FingerPrint: cb44 247a 1614 cea1 2079 362d ec86 9d0e 
   Provided Namespaces: com.vmware.vmkapi@v2_1_0_0
   Required Namespaces: com.vmware.vmkapi@v2_1_0_0, vmkernel@nover
 
~ # esxcli system module set --module=nmp --enabled true

To load a module, run the following command:

~ # esxcli system module load --module=nmp --force

You can also list parameters of a module as follows. There are actually more lines but omitted. It’s also highly possible that there is no line at all because there is no parameter to change for that module.

~ # esxcli system module parameters list --module=dvfilter
Name                                Type   Value  Description                                                                    
----------------------------------  -----  -----  -------------------------------------------------------------------------------
DVFILTERCOMM_HEAP_MAX_SIZE          int           Default DVFilterComm max heap size                                             
DVFILTERCOMM_HEAP_MIN_SIZE          int           Default DVFilterComm min heap size                                             
DVFILTERCOMM_MAXWRITEQUEUE_LEN_CTL  int           Default DVFilterComm max control message enqueued length (bytes)               
DVFILTERCOMM_MAXWRITEQUEUE_LEN_PKT  int           Default DVFilterComm max packet message enqueued length (bytes)

Userworld Process

To list these processes, you can use the following command. Again, it’s not fully list due to space limit.

~ # esxcli system process list
     Id  Cartel Id  Name                                   Security Domain     Command Line                                                                                                                                                                                                                                                              
-------  ---------  -------------------------------------  ------------------  --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
   2049          0  idle1                                  superDom                                                                                                                                                                                                                                                                                      
   2050          0  idle2                                  superDom

To find how many userworld processes running, try the following command:

~ # esxcli system process stats running get
   Running Processes: 350

To get the system workload, run the following command and get the load in 1, 5, and 15 minute period. You will get more from esxtop command anyway.

~ # esxcli system process stats load get
   Load1Minute: 0.04
   Load15Minutes: 0.04
   Load5Minutes: 0.04

Security Policy

As usual, you can list all the security policies using the list command. With each policy, you can see its enforcement level.

~ # esxcli system secpolicy domain list      
Domain Name         Enforcement Level
------------------  -----------------
appDom              enforcing        
pluginDom           enforcing        
pluginFrameworkDom  enforcing        
regularVMDom        enforcing        
superDom            enforcing        
swMgmtDom           enforcing

To change the level of enforcement, use the set command. Other than the enforcing level, I haven’t seen other level and I even tried none and a few others with no luck. The help doesn’t help neither – something for VMware to improve.

~ # esxcli system secpolicy domain set --name=appDom --level=enforcing
~ # esxcli system secpolicy domain set --help                    
Usage: esxcli system secpolicy domain set [cmd options]
 
Description: 
  set                   Set the enforcement level for a domain in the system. Any option specified here is not
                        persistent and will not survive a reboot of the system.
 
Cmd options:
  -a|--all-domains      All domains.
  -l|--level=      The enforcement level. (required)
  -n|--name=       The domain name.

Kernel Settings

There are many parameters with which you can tune the ESXi. For a complete list of these parameters, you can use the list command as follows. As you expect, there are so many of them, I just show first two. The name of the setting is self explanatory with the description field.

~ # esxcli system settings kernel list
Name                             Type    Description                                                                                                                                                                    Configured  Runtime  Default
-------------------------------  ------  -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------  ----------  -------  -------
acpiDbgLevel                     uint32  ACPI debug level                                                                                                                                                               0           0        0      
allowNonNX                       Bool    Allow booting with NX feature disabled or non present.                                                                                                                         FALSE       FALSE    FALSE  
 
~ # esxcli system settings kernel set --setting=acpiDbgLevel --value=0

ESXi Advanced Settings

There are many parameters you can fine tune the ESXi. The following shows the commands you can list them, change them.

~ # esxcli system settings advanced list
   Path: /Irq/BestVcpuRouting
   Type: integer
   Int Value: 0
   Default Int Value: 0
   Min Value: 0
   Max Value: 1
   String Value: 
   Default String Value: 
   Valid Characters: 
   Description: 1: try to route the virtual interrupt to the best vcpu; 0 to disable
 
   Path: /Irq/IRQRebalancePeriod
   Type: integer
   Int Value: 50
   Default Int Value: 50
   Min Value: 10
   Max Value: 20000
   String Value: 
   Default String Value: 
   Valid Characters: 
   Description: time in ms between attempts to rebalance interrupts
...
 
~ # esxcli system settings advanced set --help
Usage: esxcli system settings advanced set [cmd options]
 
Description: 
  set                   Set the value of an advanced option.
 
Cmd options:
  -d|--default          Reset the option to its default value.
  -i|--int-value= If the option is an integer value use this option.
  -o|--option=     The name of the option to set the value of. Example: "/Misc/HostName" (required)
  -s|--string-value=
                        If the option is a string use this option.

Setting Keyboard Configurations

ESXi is like an operating system which can interactive with users. One way of interaction is via keyboard. The esxcli command allows changing the keyboard configuration.

~ # esxcli system settings keyboard layout list
Layout         
---------------
Belgian        
Brazilian      
Croatian       
Czechoslovakian
Danish         
Estonian       
Finnish        
French         
German         
Greek          
Icelandic      
Italian        
Japanese       
Latin American 
Norwegian      
Polish         
Portuguese     
Russian        
Slovenian      
Spanish        
Swedish        
Swiss French   
Swiss German   
Turkish        
US Default     
US Dvorak      
Ukrainian      
United Kingdom 
~ # esxcli system settings keyboard layout get 
US Default

To change the keyboard layout, the following command can be used. It’s not persisted across reboot with the no-persist option.

~ # esxcli system settings keyboard layout set --layout="United Kingdom" --no-persist

Getting Uptime of the ESXi server

The first command is not that readable because the unit is microseconds. You can try the second one for days of up time.

~ # esxcli system stats uptime get
3118666003442
 
~ # echo $(($(esxcli system stats uptime get)/86400000000))
36

Syslog management

You can mark the syslog by adding a unique message in the log. Why is it needed? You can use it to mark start of new period for testing something, so that you can later easily locate the start point.

~ # esxcli system syslog mark --message="DoubleCloud Inc."
~ # tail /var/log/syslog.log 
2015-04-21T09:05:01Z syslog[2342114]: starting hostd probing.
2015-04-21T09:05:16Z syslog[2342114]: hostd probing is done.
2015-04-21T09:09:56Z smartd: [warn] t10.ATA_____Hitachi_HDS723020BLA642___________LENOVO______MN1240FA09DU5D: above TEMPERATURE threshold (187 > 0)
2015-04-21T09:10:01Z crond[2488]: crond: USER root pid 2342297 cmd /sbin/hostd-probe
2015-04-21T09:10:01Z syslog[2340250]: starting hostd probing.
2015-04-21T09:10:16Z syslog[2340250]: hostd probing is done.
2015-04-21T09:15:01Z crond[2488]: crond: USER root pid 2342557 cmd /sbin/hostd-probe
2015-04-21T09:15:01Z syslog[2342558]: starting hostd probing.
2015-04-21T09:15:16Z syslog[2342558]: hostd probing is done.
2016-04-21T09:16:49Z mark: DoubleCloud Inc.

You can reload the log daemon to apply any new configuration options as follows:

~ # esxcli system syslog reload

To retrieve syslog configuration, get command can be used:

~ # esxcli system syslog config get
   Local Log Output: 
   Local Logging Default Rotation Size: 1024
   Local Logging Default Rotations: 8
   Log To Unique Subdirectory: false
   Remote Host:

If you want to export the syslog to a remote syslog server, you can use the set command as follows. You want to make sure the FQDN is resolvable, which may involve the configuration of DNS as described earlier.

~ # esxcli system syslog config set --loghost=syslog.doublecloud.net
 Failed to resolve remote host: syslog.doublecloud.net
~ # esxcli system syslog config set --loghost=192.168.0.1

To list all the loggers, run the following command. There are many other loggers not listed due to limit of space.

~ # esxcli system syslog config logger list
   Description: Default syslog catch-all
   Destination: syslog.log
   ID: syslog
   Rotation Size: 1024
   Rotations: 8
 
   Description: VMware AMQP daemon log
   Destination: vmamqpd.log
   ID: vmamqpd
   Rotation Size: 1024
   Rotations: 8
 
   Description: Host Agent Probe
   Destination: hostd-probe.log
   ID: hostd-probe
   Rotation Size: 1024
   Rotations: 8

To change a specific logger configuration like the rotation size and how many rotations to keep, you can run the following command. The id must be one in the above list output. The unit for the size is KiB.

~ # esxcli system syslog config logger set --id=vmamqpd --size=2048

To reset a specific value for a logger, run the following command:

~ # esxcli system syslog config logger set --id=vmamqpd --reset=size

Hypervisor File System

The following command shows a quick summary of the file system. You can also drill down to the ramdisk and tardisk with the next two commands.

~ # esxcli system visorfs get
   Total Inodes: 524288
   Used Inodes: 2865
   Unlinked Inodes: 0
   Reserved Inodes: 0
   Peak Used Inodes: 2933
   Peak Unlinked Inodes: 1
   Peak Reserved Inodes: 1
   Free Inode Percent: 99
   Lowest Free Inode Percent: 99
 
~ # esxcli system visorfs ramdisk list
Ramdisk Name  System   Reserved     Maximum      Used  Peak Used  Free  Reserved Free  Maximum Inodes  Allocated Inodes  Used Inodes  Mount Point                
------------  ------  ---------  ----------  --------  ---------  ----  -------------  --------------  ----------------  -----------  ---------------------------
root            true  32768 KiB   32768 KiB   460 KiB    480 KiB  98 %           98 %            8192              4096         2434  /                          
etc             true  28672 KiB   28672 KiB   224 KiB    252 KiB  99 %           99 %            4096              1024          422  /etc                       
tmp            false   2048 KiB  196608 KiB   300 KiB   4236 KiB  99 %           85 %            8192               256            5  /tmp                       
hostdstats     false      0 KiB  180224 KiB  3072 KiB   3072 KiB  98 %            0 %            8192                32            4  /var/lib/vmware/hostd/stats
 
~ # esxcli system visorfs tardisk list
Tardisk Name  System         Size
------------  ------  -----------
s.v00           true  364138000 B
ata_pata.v00    true      43996 B
ata_pata.v01    true      28828 B
ata_pata.v02    true      31544 B
ata_pata.v03    true      32651 B
ata_pata.v04    true      36912 B

Retrieving and Setting Hostname and Domains

You can change the default hostname for esxi from the default localhost to more meaningful domain and host name.

~ # esxcli system hostname set --fqdn esxi01.doublecloud.net
~ # esxcli system hostname get                              
   Domain Name: doublecloud.net
   Fully Qualified Domain Name: esxi01.doublecloud.net
   Host Name: esxi01

When you set the hostname, you can use fqdn option or domain plus host. They are mutually exclusive. I find fqdn is easy and straightforward.

Managing Maintenance Mode

You can place the ESXi into maintenance mode assuming you have evacuated all the virutal machines.

~ # esxcli system maintenanceMode get
Disabled
~ # esxcli system maintenanceMode set --enable true --timeout=60

The default timeout for the set command is 60 seconds so the timeout can be omitted in above command.

Power Management

You can either power off or reboot ESXi from the esxcli command. But wait, why isn’t there a power on command? You will need a IPMI interface for that.

Both reboot and power off operation requires the same parameters.

~ # esxcli system shutdown reboot --delay 10 --reason="Installing a new VIB"
~ # esxcli system shutdown poweroff --delay 10 --reason="Scheduled maintenance"
 
~ # esxcli system shutdown poweroff --help
Usage: esxcli system shutdown poweroff [cmd options]
 
Description: 
  poweroff              Power off the system. The host must be in maintenance mode.
 
Cmd options:
  -d|--delay=     Delay interval in seconds
  -r|--reason=     Reason for performing the operation (required)

Configuring SNMP

There are a few parameters you can configure on ESXi. The following help shows these parameters with some descriptions.

~ # esxcli system snmp set --help
Usage: esxcli system snmp set [cmd options]
 
Description: 
  set                   This command allows the user to set up ESX SNMP agent.
 
Cmd options:
  -a|--authentication=
                        Set default authentication protocol. Values: none, MD5, SHA1
  -c|--communities=
                        Set up to ten communities each no more than 64 characters. Format is:
                        community1[,community2,...] (this overwrites previous settings)
  -e|--enable           Start or stop SNMP service. Values: [yes|no, true|false, 0|1]
  -E|--engineid=   Set SNMPv3 engine id. Must be at least 5 to 32 hexadecimal characters. 0x is stripped
                        if found as well as colons (:)
  -y|--hwsrc=      Where to source hardware events from IPMI sensors or CIM Indications. One of:
                        indications|sensors
  -l|--loglevel=   System Agent syslog logging level: debug|info|warning|error
  -n|--notraps=    Comma separated list of trap oids for traps not to be sent by agent. Use value 'reset'
                        to clear setting
  -p|--port=      Set UDP port to poll snmp agent on. The default is udp/161
  -x|--privacy=    Set default privacy protocol. Values: none, AES128
  -R|--remote-users=
                        Set up to five inform user ids. Format is: user/auth-proto/-|auth-hash/priv-proto
                        /-|priv-hash/engine-id[,...] Where user is 32 chars max. auth-proto is none|MD5|SHA1,
                        priv-proto is none|AES. '-' indicates no hash. engine-id is hex string '0x0-9a-f' up
                        to 32 chars max.
  -r|--reset            Return agent configuration to factory defaults
  -C|--syscontact= System contact string as presented in sysContact.0. Up to 255 characters
  -L|--syslocation=
                        System location string as presented in sysLocation.0. Up to 255 characters.
  -t|--targets=    Set up to three targets to send SNMPv1 traps to. Format is: ip-or-
                        hostname[@port]/community[,...] The default port is udp/162. (this overwrites previous
                        settings)
  -u|--users=      Set up to five local users. Format is: user/-|auth-hash/-|priv-hash/model[,...] Where
                        user is 32 chars max. '-' indicates no hash. Model is one of (none|auth|priv).
  -i|--v3targets=  Set up to three SNMPv3 notification targets. Format is: ip-or-hostname[@port]/remote-
                        user/security-level/trap|inform[,...].
~ # esxcli system snmp set --communities=system-monitor
~ # esxcli system snmp get                             
   Authentication: 
   Communities: system-monitor
   Enable: false
   Engineid: 
   Hwsrc: indications
   Loglevel: info
   Notraps: 
   Port: 161
   Privacy: 
   Remoteusers: 
   Syscontact: 
   Syslocation: 
   Targets: 
   Users: 
   V3targets:

Retrieving UUID

The following command retrieves the UUID for the host.
~ # esxcli system uuid get
50cdca40-8c57-2ee2-af75-8c89a5d2b40f

Reading and Setting System Time

ESXi keeps its own system clock. To read the time and set the time, you can use the following commands:

~ # esxcli system time get
2015-04-21T07:22:21Z
~ # esxcli system time set --year 2016
~ # esxcli system time set --help
Usage: esxcli system time set [cmd options]
 
Description: 
  set                   Set the system clock time. Any missing parameters will default to the current time
 
Cmd options:
  -d|--day=       Day
  -H|--hour=      Hour
  -m|--min=       Minute
  -M|--month=     Month
  -s|--sec=       Second
  -y|--year=      Year

Getting ESXi Version and Build Number

The following simple command shows the version and build number of the ESXi product.

~ # esxcli system version get
   Product: VMware ESXi
   Version: 5.1.0
   Build: Releasebuild-799733
   Update: 0

Change the ESXi welcome message

The following command changes the welcome message users see upon login. It’s not necessary to change it, but if your IT has important policy to information users upon login it’s a good way to do it.

~ # esxcli system welcomemsg set --message="DoubleCloud Welcomes You!"
~ # esxcli system welcomemsg get                                      
DoubleCloud Welcomes You!

Managing Virtual Machines

Most virtual machine related operations can be done with vim-cmd command. The esxcli command touches lower part of the virtual machine. For the hypervisor, each running virtual machine acts like a process.

You can use the following command to list all the running virtual machine. Instead of process id, each VM is identified by its world ID.

~ # esxcli vm process list
CentOS64Web
   World ID: 879855
   Process ID: 0
   VMX Cartel ID: 924902
   UUID: 42 0a d4 99 f0 17 25 bf-c4 35 e3 fd d1 19 0b 7f
   Display Name: CentOS64Web
   Config File: /vmfs/volumes/50cdcb68-6fc8e606-bb76-8c89a5d2b40f/CentOS64Web/CentOS64Web.vmx

You can kill a virtual machine by its world ID as follows:

~ #esxcli vm process kill -t force -w 879855

There are other options as listed below, for example, soft type, hard type, and the ultimate force type. With the force option, you can almost stop any virtual machine.

~ # esxcli vm process kill --help
Usage: esxcli vm process kill [cmd options]
 
Description:
kill Used to forcibly kill Virtual Machines that are stuck and not responding to normal
stop operations.
 
Cmd options:
-t|--type= The type of kill operation to attempt. There are three types of VM kills that can be
attempted: [soft, hard, force]. Users should always attempt 'soft' kills first,
which will give the VMX process a chance to shutdown cleanly (like kill or kill
-SIGTERM). If that does not work move to 'hard' kills which will shutdown the process
immediately (like kill -9 or kill -SIGKILL). 'force' should be used as a last resort
attempt to kill the VM. If all three fail then a reboot is required. (required)
-w|--world-id= The World ID of the Virtual Machine to kill. This can be obtained from the 'vm process
list' command (required)
This entry was posted in Virtualization and tagged , . Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.

7 Comments

  1. Posted January 12, 2016 at 3:23 pm | Permalink

    I couldn’t refrain from commenting. Perfectly written!

  2. lawrence ch
    Posted January 13, 2016 at 11:42 am | Permalink

    A worth to read post. Thanks Steve. Plan to buy a book you authored.

  3. Posted January 13, 2016 at 6:20 pm | Permalink

    Thanks a lot for your support Lawrence!

    -Steve

  4. Cristiano
    Posted March 21, 2016 at 3:01 pm | Permalink

    Very nice initiative. Bookmarked!

    Thank you

  5. Posted March 21, 2016 at 7:37 pm | Permalink

    Thanks for your comment. Glad you like it. :)
    Steve

  6. Shivaram
    Posted May 7, 2016 at 11:40 am | Permalink

    We have two esxi hosts with V6.0.0 and 5 VMs are hosted on each ESXi hosts. Due to Business require we reboot all VMs every night. Adapter type these VMs have is E1000 type. Every day when VMs are rebooted couple of VMs will lose network connectivity. When we Select NIC and uncheck Device status and check back will resolve the issue. Decision made not to switch over to Vxnnet 3. We had history had lots of network issues when we did switch over VXMnet3. Is there is option what is the esxcli command syntax to uncheck the device NIC status and recheck it back if the Ping is failed.

    Thank you for your help

  7. Posted May 7, 2016 at 12:30 pm | Permalink

    Hi Shivaram,

    You can use the vim-cmd command to find out the device status easily. Check out the other blogs:
    http://www.doublecloud.org/2013/11/vmware-esxi-vim-cmd-command-a-quick-tutorial/
    http://www.doublecloud.org/2013/12/powerful-hacks-with-esxi-vim-cmd-command-together-with-shell-commands/

    There doesn’t seem to be a way to modify the NIC as you wanted. You can probably hack it by disconnect and connect the device with device.connection command there. Good luck!

    Steve

2 Trackbacks

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*

You may use these HTML tags and attributes <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

  • NEED HELP?


    My company has created products like vSearch ("Super vCenter"), vijavaNG APIs, EAM APIs, ICE tool. We also help clients with virtualization and cloud computing on customized development, training. Should you, or someone you know, need these products and services, please feel free to contact me: steve __AT__ doublecloud.org.

    Me: Steve Jin, VMware vExpert who authored the VMware VI and vSphere SDK by Prentice Hall, and created the de factor open source vSphere Java API while working at VMware engineering. Companies like Cisco, EMC, NetApp, HP, Dell, VMware, are among the users of the API and other tools I developed for their products, internal IT orchestration, and test automation.